A vulnerability has been reported in Oracle Application Server, caused by an input validation error in the "webapp/jsp/calendar.jsp" script when processing the "enc" parameter. Remote attackers could exploit this to inject arbitrary HTTP headers and conduct HTTP request splitting and cross-site scripting attacks.
A vulnerability has been reported in Oracle Application Server, caused by an input validation error in the "jsp/container_tabs.jsp" script when handling the "tc" parameter. This could allow remote attackers to execute arbitrary HTML and scripting code to bypass certain security restrictions.
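The following log check is an added example, not part of the original advisory or of any Oracle tooling: it flags requests to the two scripts named above whose "enc" value decodes to CR/LF or whose "tc" value decodes to HTML metacharacters, including double-encoded forms. The Combined Log Format, the "/app" path prefix and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path suffix -> parameter, both taken from the advisory text.
WATCHED = {"webapp/jsp/calendar.jsp": "enc", "jsp/container_tabs.jsp": "tc"}
# Characters that should never appear in each parameter once decoded.
BAD = {"enc": (re.compile(r"[\r\n]"), "CR/LF in parameter"),
       "tc": (re.compile(r"[<>\"']"), "HTML metacharacters in parameter")}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (path, param, reason) for a suspicious request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    for suffix, param in WATCHED.items():
        if not url.path.endswith("/" + suffix):
            continue
        pattern, reason = BAD[param]
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            if name == param and pattern.search(fully_decode(raw)):
                return (url.path, param, reason)
    return None

def scan(lines):
    """Return [(line_index, finding)] for every flagged line."""
    hits = ((i, classify(line)) for i, line in enumerate(lines))
    return [(i, f) for i, f in hits if f]

# Constructed sample lines (Combined Log Format, hypothetical /app prefix).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /app/webapp/jsp/calendar.jsp?enc=UTF-8 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /app/webapp/jsp/calendar.jsp?enc=UTF-8%0d%0aX-Test:%201 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:02 +0000] "GET /app/webapp/jsp/calendar.jsp?enc=UTF-8%250d%250aX-Test:%201 HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /app/jsp/container_tabs.jsp?tc=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 900',
    '10.0.0.8 - - [01/Jan/2024:10:00:04 +0000] "GET /app/jsp/container_tabs.jsp?tc=2 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_LOG):
        print(idx, finding)
```

A hit only shows that such input was sent; whether the server was affected depends on its patch level.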
The information provided herein is on an "as is" basis, without warranty of any kind.