Vulnerability Details CVE-2005-3982
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.165
EPSS Ranking 94.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/17848
- http://secunia.com/advisories/19240
- http://vd.lwang.org/webcalendar_multiple_vulns.txt
- http://www.debian.org/security/2006/dsa-1002
- http://www.osvdb.org/21383
- http://www.securityfocus.com/archive/1/418286/100/0/threaded
- http://www.securityfocus.com/bid/15673
- http://www.vupen.com/english/advisories/2005/2702
- http://secunia.com/advisories/17848
- http://secunia.com/advisories/19240
- http://vd.lwang.org/webcalendar_multiple_vulns.txt
- http://www.debian.org/security/2006/dsa-1002
- http://www.osvdb.org/21383
- http://www.securityfocus.com/archive/1/418286/100/0/threaded
- http://www.securityfocus.com/bid/15673
- http://www.vupen.com/english/advisories/2005/2702
Products affected by CVE-2005-3982
-
cpe:2.3:a:webcalendar:webcalendar:1.0.1