ID CVE-2005-3982
Summary CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
References
Vulnerable Configurations
  • cpe:2.3:a:webcalendar:webcalendar:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:webcalendar:webcalendar:1.0.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-10-2018 - 15:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 15673
bugtraq 20051201 WebCalendar Multiple Vulnerabilities.
debian DSA-1002
misc http://vd.lwang.org/webcalendar_multiple_vulns.txt
osvdb 21383
secunia
  • 17848
  • 19240
vupen ADV-2005-2702
Last major update 19-10-2018 - 15:39
Published 04-12-2005 - 11:03
Last modified 19-10-2018 - 15:39
Back to Top