Summary
The remote web server is affected by an information disclosure issue.
Description
The version of WebCalendar on the remote host is prone to a user account enumeration weakness: in response to login attempts, it returns different error messages depending on whether the user exists or the password is invalid.
Solution
Upgrade to WebCalendar 1.0.4 or later.
CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Severity
Classification
- CVE: CVE-2006-2247
Related Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- AN Guestbook Local File Inclusion Vulnerability