The attached word document contains the vulnerabilities in client and server implementation of the iCalendar specification. ws-calendar-1.0-spec-cd-01.pdf mentions "CalWS is a web services calendar access API developed by The Calendaring and Scheduling Consortium and the OASIS organization, to be used as part of the Oasis WS-Calendar standard. It provides an API to access and manipulate calendar data stored on a server. It follows a similar data model to CalDAV and has been designed to co-exist with a CalDAV service offering the same data." It also states "CalDAV is a calendar access protocol and is defined in RFC 4791. The protocol is based on WebDAV which is an extension to HTTP that provides enhanced capabilities for document management on web servers." It sounds like CalWS is derivative of CalDAV, which is derivative of WebDAV. We currently have 26 filters that deal with various vulnerabilities in WebDAV. I believe a lot of them are specific to how various vendors implemented the RFC for WebDAV (File will be submitted with comments: iCalendarVulnerability20101018.docx)