Lucene search
MitreCVE-2004-1509HistoryFeb 19, 2005 - 5:00 a.m.
CVE-2004-1509
2005-02-1905:00:00
mitre
web.nvd.nist.gov
24
cve
webcalendar
validate.php
sensitive information disclosure
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
75.9%
validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message.
Affected configurations
Node
webcalendarwebcalendarMatch0.9.8
ORwebcalendarwebcalendarMatch0.9.11
ORwebcalendarwebcalendarMatch0.9.15
ORwebcalendarwebcalendarMatch0.9.16
ORwebcalendarwebcalendarMatch0.9.19
ORwebcalendarwebcalendarMatch0.9.20
ORwebcalendarwebcalendarMatch0.9.21
ORwebcalendarwebcalendarMatch0.9.22
ORwebcalendarwebcalendarMatch0.9.23
ORwebcalendarwebcalendarMatch0.9.24
ORwebcalendarwebcalendarMatch0.9.25
ORwebcalendarwebcalendarMatch0.9.26
ORwebcalendarwebcalendarMatch0.9.27
ORwebcalendarwebcalendarMatch0.9.28
ORwebcalendarwebcalendarMatch0.9.29
ORwebcalendarwebcalendarMatch0.9.30
ORwebcalendarwebcalendarMatch0.9.31
ORwebcalendarwebcalendarMatch0.9.32
ORwebcalendarwebcalendarMatch0.9.33
ORwebcalendarwebcalendarMatch0.9.34
ORwebcalendarwebcalendarMatch0.9.35
ORwebcalendarwebcalendarMatch0.9.36
ORwebcalendarwebcalendarMatch0.9.37
ORwebcalendarwebcalendarMatch0.9.38
ORwebcalendarwebcalendarMatch0.9.39
ORwebcalendarwebcalendarMatch0.9.40
ORwebcalendarwebcalendarMatch0.9.41
ORwebcalendarwebcalendarMatch0.9.42
ORwebcalendarwebcalendarMatch0.9.43
ORwebcalendarwebcalendarMatch0.9.44
| Vendor | Product | Version | CPE |
|---|---|---|---|
| webcalendar | webcalendar | 0.9.8 | cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.11 | cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.15 | cpe:2.3:a:webcalendar:webcalendar:0.9.15:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.16 | cpe:2.3:a:webcalendar:webcalendar:0.9.16:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.19 | cpe:2.3:a:webcalendar:webcalendar:0.9.19:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.20 | cpe:2.3:a:webcalendar:webcalendar:0.9.20:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.21 | cpe:2.3:a:webcalendar:webcalendar:0.9.21:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.22 | cpe:2.3:a:webcalendar:webcalendar:0.9.22:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.23 | cpe:2.3:a:webcalendar:webcalendar:0.9.23:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.24 | cpe:2.3:a:webcalendar:webcalendar:0.9.24:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2004-1509
2005-02-19 05:00:00
nvd
nvd
CVE-2004-1509
2004-12-31 05:00:00
openvas
openvas
WebCalendar SQL Injection
2005-11-03 00:00:00
WebCalendar SQL Injection (Nov 2005) - Active Check
2005-11-03 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
75.9%
Related for CVE-2004-1509