|Title:||WebCalendar Layers_Toggle.PHP HTTP Response Splitting|
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
The remote host has a version of WebCalendar installed which
allows attackers to modify HTTP headers. This can result
in HTTP response splitting, which allows web pages to be
presented in a fashion not intended, with numerous possible
consequences. Version 1.0.1 is known to be vulnerable.
Solution : Upgrade to a later version.
Risk factor : Medium
BugTraq ID: 15673|
Common Vulnerability Exposure (CVE) ID: CVE-2005-3982
Bugtraq: 20051201 WebCalendar Multiple Vulnerabilities. (Google Search)
Debian Security Information: DSA-1002 (Google Search)
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.