WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting

2005-12-01T00:00:00
ID EXPLOITPACK:E6C6BEBA3D722030D7EEB4A43FDA35B9
Type exploitpack
Reporter lwang
Modified 2005-12-01T00:00:00

Description

WebCalendar 1.0.1 - Layers_Toggle.php HTTP Response Splitting

                                        
                                            source: https://www.securityfocus.com/bid/15673/info

WebCalendar is prone to an HTTP response-splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

WebCalendar 1.0.1 is vulnerable; other versions may also be affected. 

http://www.example.com/webcalendar/layers_toggle.php?status=on&ret=[url_redirect_to]