CVE-2011-3814
published 2011-09-24
CVE-2011-3814: WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals…
Priority: P4 · 11 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.24% (65.5th percentile)
WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| k5n | webcalendar | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-3814 WebCalendar: Installation path disclosure via a direct request to a ws/user_mod.php file
bugzilla·2011-09-26·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3814 to
the following vulnerability:
WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3814
[2] http://www.openwall.com/lists/oss-security/2011/06/27/6
[3] http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
[4] http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WebCalendar-1.2.3
Discussion:
This issue affects the versions of the WebC
Bugzilla
CVE-2011-3814 WebCalendar: Installation path disclosure via a direct request to a ws/user_mod.php file [fedora-all]
bugzilla·2011-09-26·CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=741288
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WebCalendar-1.2.3
http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2
http://www.openwall.com/lists/oss-security/2011/06/27/6
Published: 2011-09-24