WebCalendar多个远程漏洞

WebCalendar的login.php存在CRLF注入漏洞。远程攻击者通过return_path参数和执行HTTP Response Splitting攻击修改服务器中预期的HTML内容，从而注入CRLF序列。

It is reported that some, or all of these issues have been corrected in the CVS versions of the package. This has not been confirmed.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: webcalendar-response-splitting(18027)
链接:http://xforce.iss.net/xforce/xfdb/18027

来源: BID
名称: 11651
链接:http://www.securityfocus.com/bid/11651

来源: SECUNIA
名称: 13164
链接:http://secunia.com/advisories/13164

来源: BUGTRAQ
名称: 20041109 Multiple Vulnerabilities in WebCalendar
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110011618724455&w=2