漏洞信息详情

漏洞简介

WebCalendar的login.php存在CRLF注入漏洞。远程攻击者通过return_path参数和执行HTTP Response Splitting攻击修改服务器中预期的HTML内容,从而注入CRLF序列。

漏洞公告

It is reported that some, or all of these issues have been corrected in the CVS versions of the package. This has not been confirmed. Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

参考网址

来源: XF 名称: webcalendar-response-splitting(18027) 链接:http://xforce.iss.net/xforce/xfdb/18027 来源: BID 名称: 11651 链接:http://www.securityfocus.com/bid/11651 来源: SECUNIA 名称: 13164 链接:http://secunia.com/advisories/13164 来源: BUGTRAQ 名称: 20041109 Multiple Vulnerabilities in WebCalendar 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110011618724455&w=2

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多