Vulnerabilities > CVE-2006-2247 - Unspecified vulnerability in Webcalendar 1.0.1/1.0.2/1.0.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1056.NASL description David Maciejak noticed that webcalendar, a PHP-based multi-user calendar, returns different error messages on login attempts for an invalid password and a non-existing user, allowing remote attackers to gain information about valid usernames. last seen 2020-06-01 modified 2020-06-02 plugin id 22598 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22598 title Debian DSA-1056-1 : webcalendar - verbose error message code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1056. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22598); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-2247"); script_xref(name:"DSA", value:"1056"); script_name(english:"Debian DSA-1056-1 : webcalendar - verbose error message"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "David Maciejak noticed that webcalendar, a PHP-based multi-user calendar, returns different error messages on login attempts for an invalid password and a non-existing user, allowing remote attackers to gain information about valid usernames." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366927" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1056" ); script_set_attribute( attribute:"solution", value: "Upgrade the webcalendar package. The old stable distribution (woody) does not contain a webcalendar package. For the stable distribution (sarge) this problem has been fixed in version 0.9.45-4sarge4." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webcalendar"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"webcalendar", reference:"0.9.45-4sarge4")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CGI abuses NASL id WEBCALENDAR_INFO_DISCLOSURE.NASL description The version of WebCalendar on the remote host is prone to a user account enumeration weakness in that in response to login attempts it returns different error messages depending on whether the user exists or the password is invalid. last seen 2020-06-01 modified 2020-06-02 plugin id 21566 published 2006-05-16 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21566 title WebCalendar Login Error Message User Account Enumeration code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(21566); script_version("1.14"); script_cve_id("CVE-2006-2247"); script_bugtraq_id(17853); script_name(english:"WebCalendar Login Error Message User Account Enumeration"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by an information disclosure issue." ); script_set_attribute(attribute:"description", value: "The version of WebCalendar on the remote host is prone to a user account enumeration weakness in that in response to login attempts it returns different error messages depending on whether the user exists or the password is invalid." ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/433053/30/0/threaded" ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/436263/30/0/threaded" ); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fe61fc9" ); script_set_attribute(attribute:"solution", value: "Upgrade to WebCalendar 1.0.4 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2006/05/16"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/05/04"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks for WebCalendar User Account Enumeration Disclosure weakness"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2020 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencies("webcalendar_detect.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/webcalendar"); exit(0); } #code include("http_func.inc"); include("http_keepalive.inc"); port = get_http_port(default:80, embedded:TRUE); if (!get_port_state(port)) exit(0); if (!can_host_php(port:port)) exit(0); # Test an install. install = get_kb_item(string("www/", port, "/webcalendar")); if (isnull(install)) exit(0); matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$"); if (!isnull(matches)) { dir = matches[2]; url = string(dir, "/login.php"); req = http_get(item:url, port:port); res = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); if (res == NULL) exit(0); if ("webcalendar_session=deleted; expires" >< res && '<input name="login" id="user"' >< res) { postdata=string( "login=nessus", unixtime(), "&", "password=nessus" ); req = string( "POST ", url, " HTTP/1.1\r\n", "Host: ", get_host_name(), "\r\n", "Content-Type: application/x-www-form-urlencoded\r\n", "Content-Length: ", strlen(postdata), "\r\n", "\r\n", postdata ); #display("req='", req, "'.\n"); res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); #display("res='", res, "'.\n"); if (res == NULL) exit(0); if ("Invalid login: no such user" >< res) { security_warning(port); } } }
References
- http://secunia.com/advisories/19974
- http://secunia.com/advisories/20108
- http://www.debian.org/security/2006/dsa-1056
- http://www.osvdb.org/25280
- http://www.securityfocus.com/archive/1/433053/100/0/threaded
- http://www.securityfocus.com/archive/1/433077/100/0/threaded
- http://www.securityfocus.com/bid/17853
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26262