Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:CGI abuses
Title:WebCalendar Layers_Toggle.PHP HTTP Response Splitting

CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.

The remote host has a version of WebCalendar installed which
allows attackers to modify HTTP headers. This can result
in HTTP response splitting, which allows web pages to be
presented in a fashion not intended, with numerous possible
consequences. Version 1.0.1 is known to be vulnerable.

Solution : Upgrade to a later version.

Risk factor : Medium

CVSS Score:

Cross-Ref: BugTraq ID: 15673
Common Vulnerability Exposure (CVE) ID: CVE-2005-3982
Bugtraq: 20051201 WebCalendar Multiple Vulnerabilities. (Google Search)
Debian Security Information: DSA-1002 (Google Search)
CopyrightCopyright (c) 2006 E-Soft Inc.

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.