Release Date | Apr 15, 2008 |
Severity | high |
Impact | Security Bypass. |
Description | This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in the ACal Calendar Project. The vulnerability is due to an error in the "login.php" script, which relies on the "ACalAuthenticate" cookie parameter to determine whether a user has been successfully authenticated. A remote attacker can exploit this to bypass the authentication process and gain unauthorized access to the application by setting the "ACalAuthenticate" parameter to "inside". |
Affected Products | ACal Project 2.2.5 |
Recommended Actions | Upgrade to the latest version of ACal Project (2.2.6 or later): http://sourceforge.net/projects/acalproj |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2006-0182 |
Reference/s | http://www.frsirt.com/english/advisories/2006/0152 (FrSIRT) |
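
The check below is an added example, not part of the original advisory or of ACal's code: it parses raw HTTP requests and flags those whose Cookie header presents the "ACalAuthenticate" value the description names. The sample requests, host name and URL paths are constructed, and exact case-sensitive matching on the decoded cookie is an assumption.

```python
from urllib.parse import unquote

COOKIE_NAME = "ACalAuthenticate"  # cookie named in the advisory
BYPASS_VALUE = "inside"           # value named in the advisory


def request_cookies(raw_request):
    """Return (name, value) pairs from every Cookie header of a raw HTTP request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]  # drop the body
    pairs = []
    for line in head.split("\n")[1:]:  # first line is the request line
        field, sep, content = line.partition(":")
        if not sep or field.strip().lower() != "cookie":
            continue  # HTTP header names are case-insensitive
        for item in content.split(";"):
            name, eq, value = item.partition("=")
            if eq:
                # PHP URL-decodes cookie values, so compare the decoded form.
                pairs.append((name.strip(), unquote(value.strip().strip('"'))))
    return pairs


def carries_auth_cookie(raw_request):
    """True when the request presents ACalAuthenticate=inside in a Cookie header."""
    # Assumption: exact, case-sensitive match on the name and the decoded value.
    return any(n == COOKIE_NAME and v == BYPASS_VALUE
               for n, v in request_cookies(raw_request))


# Constructed sample requests (not captured traffic).
SAMPLES = [
    "GET /index.php HTTP/1.1\r\nHost: cal.example\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: cal.example\r\n"
    "Cookie: lang=en; ACalAuthenticate=inside\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: cal.example\r\n"
    "cookie: ACalAuthenticate=%69nside\r\n\r\n",          # percent-encoded value
    "GET /index.php HTTP/1.1\r\nHost: cal.example\r\n"
    "Cookie: XACalAuthenticate=inside; ACalAuthenticate=insider\r\n\r\n",
    "POST /login.php HTTP/1.1\r\nHost: cal.example\r\n\r\n"
    "ACalAuthenticate=inside",                             # body text, not a cookie
]


def flagged(samples=SAMPLES):
    """Indexes of the sample requests that carry the cookie."""
    return [i for i, req in enumerate(samples) if carries_auth_cookie(req)]


if __name__ == "__main__":
    print(flagged())
```

A match only shows that a request carried the cookie value; the same parsing can be run over proxy or web-server captures of an installation that has not yet been upgraded to 2.2.6.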