Description
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
Exploits (1)
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/418286/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15673
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2702
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19240
Various Sources x_refsource_misc
http://vd.lwang.org/webcalendar_multiple_vulns.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21383
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17848
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1002
Scores
EPSS
0.1648
EPSS Percentile
95.0%
Details
Status
published
Products (1)
webcalendar/webcalendar
1.0.1
Published
Dec 04, 2005
Tracked Since
Feb 18, 2026