Vulnerability Description
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webcalendar | Webcalendar | 1.0.1 |
References
- http://secunia.com/advisories/17848PatchVendor Advisory
- http://secunia.com/advisories/19240PatchVendor Advisory
- http://vd.lwang.org/webcalendar_multiple_vulns.txt
- http://www.debian.org/security/2006/dsa-1002PatchVendor Advisory
- http://www.osvdb.org/21383
- http://www.securityfocus.com/archive/1/418286/100/0/threaded
- http://www.securityfocus.com/bid/15673
- http://www.vupen.com/english/advisories/2005/2702
- http://secunia.com/advisories/17848PatchVendor Advisory
- http://secunia.com/advisories/19240PatchVendor Advisory
- http://vd.lwang.org/webcalendar_multiple_vulns.txt
- http://www.debian.org/security/2006/dsa-1002PatchVendor Advisory
- http://www.osvdb.org/21383
- http://www.securityfocus.com/archive/1/418286/100/0/threaded
- http://www.securityfocus.com/bid/15673
FAQ
What is CVE-2005-3982?
CVE-2005-3982 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is u...
How severe is CVE-2005-3982?
CVE-2005-3982 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3982?
Check the references section above for vendor advisories and patch information. Affected products include: Webcalendar Webcalendar.