Vulnerability Details CVE-2004-1507
CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=110011618724455&w=2
- http://secunia.com/advisories/13164
- http://www.securityfocus.com/bid/11651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18027
- http://marc.info/?l=bugtraq&m=110011618724455&w=2
- http://secunia.com/advisories/13164
- http://www.securityfocus.com/bid/11651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18027
Products affected by CVE-2004-1507
-
cpe:2.3:a:webcalendar:webcalendar:0.9.11
-
cpe:2.3:a:webcalendar:webcalendar:0.9.15
-
cpe:2.3:a:webcalendar:webcalendar:0.9.16
-
cpe:2.3:a:webcalendar:webcalendar:0.9.19
-
cpe:2.3:a:webcalendar:webcalendar:0.9.20
-
cpe:2.3:a:webcalendar:webcalendar:0.9.21
-
cpe:2.3:a:webcalendar:webcalendar:0.9.22
-
cpe:2.3:a:webcalendar:webcalendar:0.9.23
-
cpe:2.3:a:webcalendar:webcalendar:0.9.24
-
cpe:2.3:a:webcalendar:webcalendar:0.9.25
-
cpe:2.3:a:webcalendar:webcalendar:0.9.26
-
cpe:2.3:a:webcalendar:webcalendar:0.9.27
-
cpe:2.3:a:webcalendar:webcalendar:0.9.28
-
cpe:2.3:a:webcalendar:webcalendar:0.9.29
-
cpe:2.3:a:webcalendar:webcalendar:0.9.30
-
cpe:2.3:a:webcalendar:webcalendar:0.9.31
-
cpe:2.3:a:webcalendar:webcalendar:0.9.32
-
cpe:2.3:a:webcalendar:webcalendar:0.9.33
-
cpe:2.3:a:webcalendar:webcalendar:0.9.34
-
cpe:2.3:a:webcalendar:webcalendar:0.9.35
-
cpe:2.3:a:webcalendar:webcalendar:0.9.36
-
cpe:2.3:a:webcalendar:webcalendar:0.9.37
-
cpe:2.3:a:webcalendar:webcalendar:0.9.38
-
cpe:2.3:a:webcalendar:webcalendar:0.9.39
-
cpe:2.3:a:webcalendar:webcalendar:0.9.40
-
cpe:2.3:a:webcalendar:webcalendar:0.9.41
-
cpe:2.3:a:webcalendar:webcalendar:0.9.42
-
cpe:2.3:a:webcalendar:webcalendar:0.9.43
-
cpe:2.3:a:webcalendar:webcalendar:0.9.44
-
cpe:2.3:a:webcalendar:webcalendar:0.9.8