ID CVE-2006-3549
Summary services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
References
Vulnerable Configurations
  • cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 18845
bugtraq 20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues
confirm
debian DSA-1406
misc http://moritz-naumann.com/adv/0011/hordemulti/0011.txt
sectrack 1016442
secunia
  • 20954
  • 21459
  • 27565
sreason 1229
suse SUSE-SR:2006:019
vupen ADV-2006-2694
Last major update 18-10-2018 - 16:47
Published 13-07-2006 - 00:05
Last modified 18-10-2018 - 16:47
Back to Top