Lucene search
HistoryMay 09, 2006 - 10:02 a.m.
CVE-2006-2247
cve-2006-2247
webcalendar
remote attackers
username enumeration
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.0%
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
Affected configurations
Node
webcalendarwebcalendarMatch1.0.1
ORwebcalendarwebcalendarMatch1.0.2
ORwebcalendarwebcalendarMatch1.0.3
References
Related
debian
debian
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak
2006-05-15 06:55:08
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak
2006-05-15 06:55:08
openvas
openvas
Debian: Security Advisory (DSA-1056-1)
2008-01-17 00:00:00
WebCalendar User Account Enumeration Disclosure Issue
2008-10-24 00:00:00
Debian Security Advisory DSA 1056-1 (webcalendar)
2008-01-17 00:00:00
cvelist
cvelist
CVE-2006-2247
2006-05-09 10:00:00
nessus
nessus
Debian DSA-1056-1 : webcalendar - verbose error message
2006-10-14 00:00:00
WebCalendar Login Error Message User Account Enumeration
2006-05-16 00:00:00
ubuntucve
ubuntucve
CVE-2006-2247
2006-05-09 00:00:00
nvd
nvd
CVE-2006-2247
2006-05-09 10:02:00
osv
osv
webcalendar - verbose error message
2006-05-15 00:00:00
prion
prion
Code injection
2006-05-09 10:02:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.0%
Related for CVE-2006-2247