CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

References
http://securityreason.com/securityalert/2057
http://www.securityfocus.com/archive/1/454965/100/0/threaded
http://marc.info/?l=full-disclosure&m=116664018702238&w=2
http://marc.info/?l=full-disclosure&m=116666155824901&w=2
http://secunia.com/advisories/23461
http://www.securityfocus.com/archive/1/455106/100/0/threaded
http://www.vupen.com/english/advisories/2006/5124
http://www.securityfocus.com/bid/21686
http://www.securityfocus.com/archive/1/454945/100/0/threaded