CGI abuses : WebCalendar Layers_Toggle.PHP HTTP Response Splitting

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56761

Categoría: CGI abuses

Título: WebCalendar Layers_Toggle.PHP HTTP Response Splitting

Resumen: NOSUMMARY

Descripción: Description:

CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.

The remote host has a version of WebCalendar installed which
allows attackers to modify HTTP headers. This can result
in HTTP response splitting, which allows web pages to be
presented in a fashion not intended, with numerous possible
consequences. Version 1.0.1 is known to be vulnerable.

Solution : Upgrade to a later version.

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 15673
Common Vulnerability Exposure (CVE) ID: CVE-2005-3982
http://www.securityfocus.com/bid/15673
Bugtraq: 20051201 WebCalendar Multiple Vulnerabilities. (Google Search)
http://www.securityfocus.com/archive/1/418286/100/0/threaded
Debian Security Information: DSA-1002 (Google Search)
http://www.debian.org/security/2006/dsa-1002
http://vd.lwang.org/webcalendar_multiple_vulns.txt
http://www.osvdb.org/21383
http://secunia.com/advisories/17848
http://secunia.com/advisories/19240
http://www.vupen.com/english/advisories/2005/2702

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56761
Categoría:	CGI abuses
Título:	WebCalendar Layers_Toggle.PHP HTTP Response Splitting
Resumen:	NOSUMMARY
Descripción:	Description: CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests. The remote host has a version of WebCalendar installed which allows attackers to modify HTTP headers. This can result in HTTP response splitting, which allows web pages to be presented in a fashion not intended, with numerous possible consequences. Version 1.0.1 is known to be vulnerable. Solution : Upgrade to a later version. Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 15673 Common Vulnerability Exposure (CVE) ID: CVE-2005-3982 http://www.securityfocus.com/bid/15673 Bugtraq: 20051201 WebCalendar Multiple Vulnerabilities. (Google Search) http://www.securityfocus.com/archive/1/418286/100/0/threaded Debian Security Information: DSA-1002 (Google Search) http://www.debian.org/security/2006/dsa-1002 http://vd.lwang.org/webcalendar_multiple_vulns.txt http://www.osvdb.org/21383 http://secunia.com/advisories/17848 http://secunia.com/advisories/19240 http://www.vupen.com/english/advisories/2005/2702
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com