Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.80021 |
Categoría: | Web application abuses |
Título: | WebCalendar User Account Enumeration Disclosure Issue |
Resumen: | The version of WebCalendar on the remote host is prone to a user; account enumeration weakness in that in response to login attempts it returns different error messages; depending on whether the user exists or the password is invalid. |
Descripción: | Summary: The version of WebCalendar on the remote host is prone to a user account enumeration weakness in that in response to login attempts it returns different error messages depending on whether the user exists or the password is invalid. Solution: Upgrade to WebCalendar 1.0.4 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Referencia Cruzada: |
BugTraq ID: 17853 Common Vulnerability Exposure (CVE) ID: CVE-2006-2247 http://www.securityfocus.com/bid/17853 Bugtraq: 20060504 WebCalendar User Account Enumeration Weakness (Google Search) http://www.securityfocus.com/archive/1/433053/100/0/threaded Bugtraq: 20060505 Re: WebCalendar User Account Enumeration Weakness (Google Search) http://www.securityfocus.com/archive/1/433077/100/0/threaded Debian Security Information: DSA-1056 (Google Search) http://www.debian.org/security/2006/dsa-1056 http://www.osvdb.org/25280 http://secunia.com/advisories/19974 http://secunia.com/advisories/20108 XForce ISS Database: webcalendar-user-information-disclosure(26262) https://exchange.xforce.ibmcloud.com/vulnerabilities/26262 |
Copyright | Copyright (C) 2008 David Maciejak |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |