Lucene search
HistoryJul 19, 2005 - 4:00 a.m.
CVE-2005-2320
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.004
Percentile
75.3%
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
Affected configurations
Node
webcalendarwebcalendarMatch0.9.8
ORwebcalendarwebcalendarMatch0.9.11
ORwebcalendarwebcalendarMatch0.9.15
ORwebcalendarwebcalendarMatch0.9.16
ORwebcalendarwebcalendarMatch0.9.19
ORwebcalendarwebcalendarMatch0.9.20
ORwebcalendarwebcalendarMatch0.9.21
ORwebcalendarwebcalendarMatch0.9.22
ORwebcalendarwebcalendarMatch0.9.23
ORwebcalendarwebcalendarMatch0.9.24
ORwebcalendarwebcalendarMatch0.9.25
ORwebcalendarwebcalendarMatch0.9.26
ORwebcalendarwebcalendarMatch0.9.27
ORwebcalendarwebcalendarMatch0.9.28
ORwebcalendarwebcalendarMatch0.9.29
ORwebcalendarwebcalendarMatch0.9.30
ORwebcalendarwebcalendarMatch0.9.31
ORwebcalendarwebcalendarMatch0.9.32
ORwebcalendarwebcalendarMatch0.9.33
ORwebcalendarwebcalendarMatch0.9.34
ORwebcalendarwebcalendarMatch0.9.35
ORwebcalendarwebcalendarMatch0.9.36
ORwebcalendarwebcalendarMatch0.9.37
ORwebcalendarwebcalendarMatch0.9.38
ORwebcalendarwebcalendarMatch0.9.39
ORwebcalendarwebcalendarMatch0.9.40
ORwebcalendarwebcalendarMatch0.9.41
ORwebcalendarwebcalendarMatch0.9.42
ORwebcalendarwebcalendarMatch0.9.43
ORwebcalendarwebcalendarMatch0.9.44
ORwebcalendarwebcalendarMatch0.9.45
ORwebcalendarwebcalendarMatch0.9.50
ORwebcalendarwebcalendarMatch1.0.0rc1
ORwebcalendarwebcalendarMatch1.0.0rc2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| webcalendar | webcalendar | 0.9.8 | cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.11 | cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.15 | cpe:2.3:a:webcalendar:webcalendar:0.9.15:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.16 | cpe:2.3:a:webcalendar:webcalendar:0.9.16:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.19 | cpe:2.3:a:webcalendar:webcalendar:0.9.19:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.20 | cpe:2.3:a:webcalendar:webcalendar:0.9.20:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.21 | cpe:2.3:a:webcalendar:webcalendar:0.9.21:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.22 | cpe:2.3:a:webcalendar:webcalendar:0.9.22:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.23 | cpe:2.3:a:webcalendar:webcalendar:0.9.23:*:*:*:*:*:*:* |
| webcalendar | webcalendar | 0.9.24 | cpe:2.3:a:webcalendar:webcalendar:0.9.24:*:*:*:*:*:*:* |
References
Related
ubuntucve
ubuntucve
CVE-2005-2320
2005-07-19 00:00:00
openvas
openvas
FreeBSD Ports: WebCalendar
2008-09-04 00:00:00
Debian: Security Advisory (DSA-766-1)
2008-01-17 00:00:00
FreeBSD Ports: WebCalendar
2008-09-04 00:00:00
nessus
nessus
FreeBSD : WebCalendar -- unauthorized access vulnerability (07ead557-a220-11da-b410-000e0c2e438a)
2006-05-13 00:00:00
Debian DSA-766-1 : webcalendar - authorisation failure
2005-07-31 00:00:00
WebCalendar assistant_edit.php Unauthorized Access
2005-06-28 00:00:00
freebsd
freebsd
WebCalendar -- unauthorized access vulnerability
2005-06-27 00:00:00
cvelist
cvelist
CVE-2005-2320
2005-07-19 04:00:00
debian
debian
[SECURITY] [DSA 766-1] New webcalendar package fixes information disclosure
2005-07-27 06:22:47
[SECURITY] [DSA 766-1] New webcalendar package fixes information disclosure
2005-07-27 06:22:47
cve
cve
CVE-2005-2320
2005-07-19 04:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.004
Percentile
75.3%
Related for NVD:CVE-2005-2320