| VID | 21396 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description |
According to its version number, the remote WebCalendar program is affected by multiple remote vulnerabilities. WebCalendar is a graphical PHP application used to maintain a calendar for a single user or an intranet group of users. WebCalendar versions 0.9.44 and earlier contain multiple cross-site scripting vulnerabilities, an HTTP response splitting vulnerability, an SQL injection vulnerability, and two authentication bypass vulnerabilities, spread across many different scripts. A remote attacker could send a specially crafted URL request to gain unauthorized access to the program.
* Note: If this check relied solely on the version number of the remote WebCalendar program to assess this vulnerability, this might be a false positive.
* References: http://www.securityfocus.com/archive/1/380821, http://packetstormsecurity.nl/0411-exploits/webcalendar.txt
* Platforms Affected: Craig Knudsen, WebCalendar 0.9.44 and earlier; Linux Any version; Microsoft Windows Any version; Unix Any version |
| Recommendation | Upgrade to the latest CVS version of WebCalendar, available from the SourceForge Web site at http://sourceforge.net/projects/webcalendar/ |
| Related URL | CVE-2004-1506, CVE-2004-1507, CVE-2004-1508, CVE-2004-1509, CVE-2004-1510 (CVE) |
| Related URL | 11651 (SecurityFocus) |
| Related URL | 18026, 18027, 18028, 18029, 18030 (ISS) |