Lucene search

[email protected]CVE-2012-0209

HistorySep 25, 2012 - 10:55 p.m.

CVE-2012-0209

2012-09-2522:55:00

CWE-94

[email protected]

web.nvd.nist.gov

111

cve-2012-0209

horde

groupware

webmail

ftp

remote code execution

trojan horse

nvd

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.896 High

EPSS

Percentile

98.8%

JSON

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.

CPENameOperatorVersion
horde:hordehordeeq3.3.12
horde:groupwarehorde groupwareeq1.2.10

CPE	Name	Operator	Version
horde:horde	horde	eq	3.3.12
horde:groupware	horde groupware	eq	1.2.10

References

dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155

eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/

lists.horde.org/archives/announce/2012/000751.html

packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html

bugzilla.redhat.com/show_bug.cgi?id=790877

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.896 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2012-0209

cvelist1 d21 ubuntucve1 prion1 checkpoint_advisories1 metasploit1 seebug1 openvas2 dsquare1 nessus1 packetstorm1 exploitdb1