CRLF Injection Vulnerability in WebCalendar's login.php Allows HTTP Response Splitting Attacks

CRLF Injection Vulnerability in WebCalendar's login.php Allows HTTP Response Splitting Attacks

CVE-2004-1507 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.

Learn more about our Web App Pen Testing.