Lucene search

[email protected]CVE-2010-0637

HistoryFeb 12, 2010 - 10:30 p.m.

CVE-2010-0637

2010-02-1222:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2010-0637

csrf

cross-site request forgery

webcalendar

vulnerability

nvd

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP address from posting via unknown vectors. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
k5n:webcalendark5n webcalendareq1.2.0

CPE	Name	Operator	Version
k5n:webcalendar	k5n webcalendar	eq	1.2.0

References

holisticinfosec.org/content/view/133/45/

secunia.com/advisories/38222

webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.3%

JSON

Related for CVE-2010-0637

cvelist1 prion1 ubuntucve1 openvas2