Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56761
Category:CGI abuses
Title:WebCalendar Layers_Toggle.PHP HTTP Response Splitting
Summary:NOSUMMARY
Description:Description:

CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.

The remote host has a version of WebCalendar installed which
allows attackers to modify HTTP headers. This can result
in HTTP response splitting, which allows web pages to be
presented in a fashion not intended, with numerous possible
consequences. Version 1.0.1 is known to be vulnerable.

Solution : Upgrade to a later version.

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: BugTraq ID: 15673
Common Vulnerability Exposure (CVE) ID: CVE-2005-3982
http://www.securityfocus.com/bid/15673
Bugtraq: 20051201 WebCalendar Multiple Vulnerabilities. (Google Search)
http://www.securityfocus.com/archive/1/418286/100/0/threaded
Debian Security Information: DSA-1002 (Google Search)
http://www.debian.org/security/2006/dsa-1002
http://vd.lwang.org/webcalendar_multiple_vulns.txt
http://www.osvdb.org/21383
http://secunia.com/advisories/17848
http://secunia.com/advisories/19240
http://www.vupen.com/english/advisories/2005/2702
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.