Lucene search
HistoryMay 09, 2006 - 10:02 a.m.
CVE-2006-2247
cve-2006-2247
webcalendar
remote attackers
username enumeration
6.5 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.012 Low
EPSS
Percentile
84.9%
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
References
Related
debian
debian
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak
2006-05-15 00:00:00
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak
2006-05-15 06:55:08
nessus
nessus
Debian DSA-1056-1 : webcalendar - verbose error message
2006-10-14 00:00:00
WebCalendar Login Error Message User Account Enumeration
2006-05-16 00:00:00
openvas
openvas
WebCalendar User Account Enumeration Disclosure Issue
2008-10-24 00:00:00
Debian: Security Advisory (DSA-1056-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1056-1 (webcalendar)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2006-2247
2006-05-09 00:00:00
cvelist
cvelist
CVE-2006-2247
2006-05-09 10:00:00
osv
osv
webcalendar - verbose error message
2006-05-15 00:00:00
prion
prion
Code injection
2006-05-09 10:02:00
6.5 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.012 Low
EPSS
Percentile
84.9%
Related for CVE-2006-2247