Vendor: WebCalendar
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 113 (HTTP Response Splitting)
Product Name: WebCalendar
Affected Version From: 1.0.1
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2006-0840
CPE: a:webcalendar:webcalendar:1.0.1
Metasploit:
Other Scripts:
Platforms Tested:
2006

WebCalendar HTTP Response Splitting Vulnerability

The vulnerability exists because the WebCalendar application fails to properly sanitize user-supplied input. An attacker can exploit this issue by injecting malicious content into the 'ret' parameter of the 'layers_toggle.php' script. This can lead to manipulation of web content and may deceive users.

Mitigation:

It is recommended to upgrade to a patched version of WebCalendar to mitigate this vulnerability. It is also advised to sanitize user input to prevent HTTP response splitting attacks.
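
A sketch of the input validation this mitigation calls for, as an added example that is not WebCalendar's code or its actual patch. It assumes the 'ret' value ends up in a Location header; the function name `safe_return_target` and the fallback page `index.php` are hypothetical.

```php
<?php
// Added example (not WebCalendar code): validate a redirect target such as
// the 'ret' parameter before it is ever placed in a response header.

/**
 * Return $ret if it is a plain same-site relative path, otherwise $fallback.
 * The name and the fallback page are hypothetical.
 */
function safe_return_target(string $ret, string $fallback = 'index.php'): string
{
    // PHP has already URL-decoded the query string once, so an encoded
    // CR/LF arrives here as raw bytes. Reject every ASCII control character.
    if ($ret === '' || preg_match('/[\x00-\x1F\x7F]/', $ret)) {
        return $fallback;
    }
    // Reject values that still carry an encoded CR or LF, in case a later
    // layer decodes the value a second time.
    if (preg_match('/%0[ad]/i', $ret)) {
        return $fallback;
    }
    // Only local relative targets: no scheme, no host part, no backslashes.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $ret)
        || strpos($ret, '//') === 0
        || strpos($ret, '\\') !== false) {
        return $fallback;
    }
    // Allow-list the characters a page name plus query string needs.
    if (!preg_match('#^[A-Za-z0-9_./?&=%-]+$#', $ret)) {
        return $fallback;
    }
    return $ret;
}

// Constructed sample inputs, not taken from real traffic.
$samples = [
    'month.php?date=20060101',          // accepted unchanged
    "month.php\r\nX-Injected: 1",       // raw CR/LF  -> fallback
    'month.php%0d%0aX-Injected: 1',     // encoded CR/LF -> fallback
    '//other.example/',                 // host part  -> fallback
    'http://other.example/',            // scheme     -> fallback
];
foreach ($samples as $s) {
    printf("%-36s => %s\n", json_encode($s), safe_return_target($s));
}
```

A handler would pass the result of `safe_return_target($_GET['ret'] ?? '')` to its redirect instead of the raw parameter.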
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15673/info

WebCalendar is prone to an HTTP response-splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

WebCalendar 1.0.1 is vulnerable; other versions may also be affected. 

http://www.example.com/webcalendar/layers_toggle.php?status=on&ret=[url_redirect_to]