Arbitrary Code Execution via CalDAV PUT Operation with Long iCalendar Property Name
CVE-2019-11356 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
Learn more about our Web Application Penetration Testing UK.