[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3549Date: (C)2006-07-12   (M)2023-12-22


services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1016442
SREASON-1229
BID-18845
http://www.securityfocus.com/archive/1/archive/1/439255/100/0/threaded
SECUNIA-20954
SECUNIA-21459
SECUNIA-27565
ADV-2006-2694
DSA-1406
SUSE-SR:2006:019
http://lists.horde.org/archives/announce/2006/000287.html
http://lists.horde.org/archives/announce/2006/000288.html
http://moritz-naumann.com/adv/0011/hordemulti/0011.txt

CPE    11
cpe:/a:horde:horde_application_framework:3.0.2
cpe:/a:horde:horde_application_framework:3.1.1
cpe:/a:horde:horde_application_framework:3.0.1
cpe:/a:horde:horde_application_framework:3.0.9
...

© SecPod Technologies