WebCalendar User Account Enumeration Disclosure Issue Network Vulnerability

Summary

The remote web server is affected by an information disclosure issue. Description: The version of WebCalendar on the remote host is prone to a user account enumeration weakness in that in response to login attempts it returns different error messages depending on whether the user exists or the password is invalid.

Solution

Upgrade to WebCalendar 1.0.4 or later. CVSS Base Score : 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

References

http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=423010
http://www.securityfocus.com/archive/1/433053/30/0/threaded
http://www.securityfocus.com/archive/1/436263/30/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-2247

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
AlienForm CGI script
Apache Continuum Cross Site Scripting Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities

Take action and discover your vulnerabilities