CVE-2005-3982

medium

Description

CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.

References

http://www.vupen.com/english/advisories/2005/2702

http://www.securityfocus.com/bid/15673

http://www.securityfocus.com/archive/1/418286/100/0/threaded

http://www.osvdb.org/21383

http://www.debian.org/security/2006/dsa-1002

http://vd.lwang.org/webcalendar_multiple_vulns.txt

http://secunia.com/advisories/19240

http://secunia.com/advisories/17848

Details

Source: Mitre, NVD

Published: 2005-12-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N