1.0.3

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

webcalendar

nessus

NVD

Published: 2006-05-09

Updated: 2018-10-18

Summary

WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

Vulnerable Configurations

Part	Description	Count
Application	Webcalendar Webcalendar Webcalendar 1.0.1 Webcalendar Webcalendar 1.0.2 Webcalendar Webcalendar 1.0.3	3

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1056.NASL
description	David Maciejak noticed that webcalendar, a PHP-based multi-user calendar, returns different error messages on login attempts for an invalid password and a non-existing user, allowing remote attackers to gain information about valid usernames.
last seen	2020-06-01
modified	2020-06-02
plugin id	22598
published	2006-10-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22598
title	Debian DSA-1056-1 : webcalendar - verbose error message
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1056. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22598); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-2247"); script_xref(name:"DSA", value:"1056"); script_name(english:"Debian DSA-1056-1 : webcalendar - verbose error message"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "David Maciejak noticed that webcalendar, a PHP-based multi-user calendar, returns different error messages on login attempts for an invalid password and a non-existing user, allowing remote attackers to gain information about valid usernames." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366927" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1056" ); script_set_attribute( attribute:"solution", value: "Upgrade the webcalendar package. The old stable distribution (woody) does not contain a webcalendar package. For the stable distribution (sarge) this problem has been fixed in version 0.9.45-4sarge4." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webcalendar"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"webcalendar", reference:"0.9.45-4sarge4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	CGI abuses
NASL id	WEBCALENDAR_INFO_DISCLOSURE.NASL
description	The version of WebCalendar on the remote host is prone to a user account enumeration weakness in that in response to login attempts it returns different error messages depending on whether the user exists or the password is invalid.
last seen	2020-06-01
modified	2020-06-02
plugin id	21566
published	2006-05-16
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21566
title	WebCalendar Login Error Message User Account Enumeration
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(21566); script_version("1.14"); script_cve_id("CVE-2006-2247"); script_bugtraq_id(17853); script_name(english:"WebCalendar Login Error Message User Account Enumeration"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by an information disclosure issue." ); script_set_attribute(attribute:"description", value: "The version of WebCalendar on the remote host is prone to a user account enumeration weakness in that in response to login attempts it returns different error messages depending on whether the user exists or the password is invalid." ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/433053/30/0/threaded" ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/436263/30/0/threaded" ); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fe61fc9" ); script_set_attribute(attribute:"solution", value: "Upgrade to WebCalendar 1.0.4 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2006/05/16"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/05/04"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks for WebCalendar User Account Enumeration Disclosure weakness"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2020 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencies("webcalendar_detect.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/webcalendar"); exit(0); } #code include("http_func.inc"); include("http_keepalive.inc"); port = get_http_port(default:80, embedded:TRUE); if (!get_port_state(port)) exit(0); if (!can_host_php(port:port)) exit(0); # Test an install. install = get_kb_item(string("www/", port, "/webcalendar")); if (isnull(install)) exit(0); matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$"); if (!isnull(matches)) { dir = matches[2]; url = string(dir, "/login.php"); req = http_get(item:url, port:port); res = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); if (res == NULL) exit(0); if ("webcalendar_session=deleted; expires" >< res && '<input name="login" id="user"' >< res) { postdata=string( "login=nessus", unixtime(), "&", "password=nessus" ); req = string( "POST ", url, " HTTP/1.1\r\n", "Host: ", get_host_name(), "\r\n", "Content-Type: application/x-www-form-urlencoded\r\n", "Content-Length: ", strlen(postdata), "\r\n", "\r\n", postdata ); #display("req='", req, "'.\n"); res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); #display("res='", res, "'.\n"); if (res == NULL) exit(0); if ("Invalid login: no such user" >< res) { security_warning(port); } } }

Summary

Vulnerable Configurations

Nessus

References