ID CVE-2001-1258
Summary Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
References
Vulnerable Configurations
  • cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 08-03-2011 - 02:07)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 3083
bugtraq 20010721 IMP 2.2.6 (SECURITY) released
caldera CSSA-2001-027.0
conectiva CLA-2001:410
confirm http://online.securityfocus.com/archive/1/198495
debian DSA-073
xf imp-prefslang-gain-privileges(6906)
Last major update 08-03-2011 - 02:07
Published 21-07-2001 - 04:00
Last modified 08-03-2011 - 02:07