The Horde Framework provides a common structure and interface for Horde applications (such as IMP, a web-based mail program). This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information (including help with Horde and its modules) please visit http://www.horde.org/. READ /usr/share/doc/horde-3.3.8/README.Fedora AFTER INSTALLING FOR INSTRUCTIONS AND SECURITY! For additional functionality, also install horde-enhanced
{"id": "FEDORA:5A6AF110646", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 13 Update: horde-3.3.8-1.fc13", "description": "The Horde Framework provides a common structure and interface for Horde applications (such as IMP, a web-based mail program). This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information (including help with Horde and its modules) please visit http://www.horde.org/. READ /usr/share/doc/horde-3.3.8/README.Fedora AFTER INSTALLING FOR INSTRUCTIONS AND SECURITY! For additional functionality, also install horde-enhanced ", "published": "2010-07-27T02:28:46", "modified": "2010-07-27T02:28:46", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZCT2ODP6667J7MLLJEGGGEP3GW2U267Y/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2010-0463"], "immutableFields": [], "lastseen": "2020-12-21T08:17:50", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-0463"]}, {"type": "fedora", "idList": ["FEDORA:53AEF11055E", "FEDORA:5C366110E77", "FEDORA:D126510FAB3"]}, {"type": "nessus", "idList": ["FEDORA_2010-11392.NASL", "FEDORA_2010-11399.NASL", "FEDORA_2010-11432.NASL", "FEDORA_2010-11445.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800288", "OPENVAS:1361412562310862279", "OPENVAS:1361412562310862291", "OPENVAS:1361412562310862292", "OPENVAS:1361412562310862293", "OPENVAS:800288", "OPENVAS:862279", "OPENVAS:862291", "OPENVAS:862292", "OPENVAS:862293"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-0463"]}], "rev": 4}, "score": {"value": 6.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2010-0463"]}, {"type": "fedora", "idList": ["FEDORA:53AEF11055E"]}, {"type": "nessus", "idList": ["FEDORA_2010-11432.NASL", "FEDORA_2010-11445.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800288", "OPENVAS:862279"]}]}, "exploitation": null, "vulnersScore": 6.0}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "13", "arch": "any", "packageName": "horde", "packageVersion": "3.3.8", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"openvas": [{"lastseen": "2017-12-14T11:48:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "Check for the Version of horde", "modified": "2017-12-13T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:862292", "href": "http://plugins.openvas.org/nasl.php?oid=862292", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-11392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for horde FEDORA-2010-11392\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Framework provides a common structure and interface for Horde\n applications (such as IMP, a web-based mail program). This RPM is\n required for all other Horde module RPMs.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with Horde\n and its modules) please visit http://www.horde.org/\n \n READ /usr/share/doc/horde-3.3.8/README.Fedora AFTER INSTALLING FOR\n INSTRUCTIONS AND SECURITY!\n \n For additional functionality, also install horde-enhanced\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"horde on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044509.html\");\n script_id(862292);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-11392\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Fedora Update for horde FEDORA-2010-11392\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of horde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~3.3.8~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-21T11:32:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "Check for the Version of imp", "modified": "2017-12-20T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:862291", "href": "http://plugins.openvas.org/nasl.php?oid=862291", "type": "openvas", "title": "Fedora Update for imp FEDORA-2010-11399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for imp FEDORA-2010-11399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"IMP is the Internet Messaging Program, one of the Horde applications.\n It provides webmail access to IMAP and POP3 accounts.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with IMP)\n please visit http://www.horde.org/\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"imp on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044514.html\");\n script_id(862291);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-11399\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Fedora Update for imp FEDORA-2010-11399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of imp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"imp\", rpm:\"imp~4.3.7~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "Check for the Version of horde", "modified": "2017-12-26T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:1361412562310862292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862292", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-11392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for horde FEDORA-2010-11392\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Framework provides a common structure and interface for Horde\n applications (such as IMP, a web-based mail program). This RPM is\n required for all other Horde module RPMs.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with Horde\n and its modules) please visit http://www.horde.org/\n \n READ /usr/share/doc/horde-3.3.8/README.Fedora AFTER INSTALLING FOR\n INSTRUCTIONS AND SECURITY!\n \n For additional functionality, also install horde-enhanced\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"horde on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044509.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862292\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-11392\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Fedora Update for horde FEDORA-2010-11392\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of horde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~3.3.8~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:09:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "This host is running Horde IMP and is prone to Information Disclosure\n vulnerability", "modified": "2017-03-31T00:00:00", "published": "2010-02-04T00:00:00", "id": "OPENVAS:800288", "href": "http://plugins.openvas.org/nasl.php?oid=800288", "type": "openvas", "title": "Horde IMP Information Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_horde_imp_info_disc_vuln.nasl 5820 2017-03-31 11:20:49Z cfi $\n#\n# Horde IMP Information Disclosure Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attackers to determine the network location\n of the webmail user by logging DNS requests.\n Impact Level: Application.\";\ntag_affected = \"Horde IMP version 4.3.6 and prior.\";\ntag_insight = \"The flaw exists when DNS prefetching of domain names contained in links within\n e-mail messages.\";\ntag_solution = \"Apply the appropriate patch from vendor.\nFor updates refer to http://www.horde.org/\n\n*****\nNOTE: Ignore this warning, if patch is installed.\n*****\";\n\ntag_summary = \"This host is running Horde IMP and is prone to Information Disclosure\n vulnerability\";\n\nif(description)\n{\n script_id(800288);\n script_version(\"$Revision: 5820 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-31 13:20:49 +0200 (Fri, 31 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-04 12:53:38 +0100 (Thu, 04 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Horde IMP Information Disclosure Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://bugs.horde.org/ticket/8836\");\n script_xref(name : \"URL\" , value : \"http://www.security-database.com/detail.php?alert=CVE-2010-0463\");\n script_xref(name : \"URL\" , value : \"https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"horde_detect.nasl\");\n script_family(\"Web application abuses\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"horde/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nhordePort = get_http_port(default:80);\nhordeVer = get_kb_item(\"www/\" + hordePort + \"/horde\");\nif(!hordeVer) exit(0);\n\nforeach dir( make_list_unique( \"/horde/imp\", \"/Horde/IMP\", cgi_dirs( port:hordePort ) ) ) {\n\n rcvRes = http_get_cache(item:string(dir , \"/test.php\"), port:hordePort );\n\n if(\"imp\" >< rcvRes || \"IMP\" >< rcvRes)\n {\n impVer = eregmatch(pattern:\"IMP: H3 .([0-9.]+)\" , string:rcvRes);\n if(impVer[1] != NULL)\n {\n if(version_is_less_equal(version:impVer[1], test_version:\"4.3.6\"))\n {\n security_message(hordePort);\n exit(0);\n }\n }\n }\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "Check for the Version of imp", "modified": "2017-12-25T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:862279", "href": "http://plugins.openvas.org/nasl.php?oid=862279", "type": "openvas", "title": "Fedora Update for imp FEDORA-2010-11432", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for imp FEDORA-2010-11432\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"IMP is the Internet Messaging Program, one of the Horde applications.\n It provides webmail access to IMAP and POP3 accounts.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with IMP)\n please visit http://www.horde.org/\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"imp on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044543.html\");\n script_id(862279);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-11432\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Fedora Update for imp FEDORA-2010-11432\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of imp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"imp\", rpm:\"imp~4.3.7~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-18T10:58:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "Check for the Version of horde", "modified": "2017-12-18T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:862293", "href": "http://plugins.openvas.org/nasl.php?oid=862293", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-11445", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for horde FEDORA-2010-11445\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Framework provides a common structure and interface for Horde\n applications (such as IMP, a web-based mail program). This RPM is\n required for all other Horde module RPMs.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with Horde\n and its modules) please visit http://www.horde.org/\n \n READ /usr/share/doc/horde-3.3.8/README.Fedora AFTER INSTALLING FOR\n INSTRUCTIONS AND SECURITY!\n \n For additional functionality, also install horde-enhanced\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"horde on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044558.html\");\n script_id(862293);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-11445\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Fedora Update for horde FEDORA-2010-11445\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of horde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~3.3.8~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-08T12:54:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "Check for the Version of horde", "modified": "2018-01-05T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:1361412562310862293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862293", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-11445", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for horde FEDORA-2010-11445\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Framework provides a common structure and interface for Horde\n applications (such as IMP, a web-based mail program). This RPM is\n required for all other Horde module RPMs.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with Horde\n and its modules) please visit http://www.horde.org/\n \n READ /usr/share/doc/horde-3.3.8/README.Fedora AFTER INSTALLING FOR\n INSTRUCTIONS AND SECURITY!\n \n For additional functionality, also install horde-enhanced\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"horde on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044558.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862293\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-11445\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Fedora Update for horde FEDORA-2010-11445\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of horde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~3.3.8~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-05-08T19:11:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "This host is running Horde IMP and is prone to an information disclosure\n vulnerability.", "modified": "2020-05-06T00:00:00", "published": "2010-02-04T00:00:00", "id": "OPENVAS:1361412562310800288", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800288", "type": "openvas", "title": "Horde IMP Information Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Horde IMP Information Disclosure Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:horde:horde_groupware\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800288\");\n script_version(\"2020-05-06T12:58:00+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 12:58:00 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-02-04 12:53:38 +0100 (Thu, 04 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-0463\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Horde IMP Information Disclosure Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://bugs.horde.org/ticket/8836\");\n script_xref(name:\"URL\", value:\"http://www.security-database.com/detail.php?alert=CVE-2010-0463\");\n script_xref(name:\"URL\", value:\"https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"horde_detect.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"horde/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to determine the network\n location of the webmail user by logging DNS requests.\");\n\n script_tag(name:\"affected\", value:\"Horde IMP version 4.3.6 and prior.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists when DNS prefetching of domain names contained in links\n within e-mail messages.\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate patch from vendor.\");\n\n script_tag(name:\"summary\", value:\"This host is running Horde IMP and is prone to an information disclosure\n vulnerability.\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nforeach dir (make_list_unique(\"/horde/imp\", \"/Horde/IMP\", http_cgi_dirs(port: port))) {\n rcvRes = http_get_cache(item: dir + \"/test.php\", port: port);\n\n if(\"imp\" >< rcvRes || \"IMP\" >< rcvRes) {\n impVer = eregmatch(pattern:\"IMP: H3 .([0-9.]+)\" , string:rcvRes);\n if(!isnull(impVer[1])) {\n if (version_is_less_equal(version: impVer[1], test_version: \"4.3.6\")) {\n security_message(port: port);\n exit(0);\n }\n }\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-18T11:04:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "Check for the Version of imp", "modified": "2018-01-17T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:1361412562310862291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862291", "type": "openvas", "title": "Fedora Update for imp FEDORA-2010-11399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for imp FEDORA-2010-11399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"IMP is the Internet Messaging Program, one of the Horde applications.\n It provides webmail access to IMAP and POP3 accounts.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with IMP)\n please visit http://www.horde.org/\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"imp on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044514.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862291\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-11399\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Fedora Update for imp FEDORA-2010-11399\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of imp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"imp\", rpm:\"imp~4.3.7~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-25T10:55:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0463"], "description": "Check for the Version of imp", "modified": "2018-01-24T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:1361412562310862279", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862279", "type": "openvas", "title": "Fedora Update for imp FEDORA-2010-11432", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for imp FEDORA-2010-11432\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"IMP is the Internet Messaging Program, one of the Horde applications.\n It provides webmail access to IMAP and POP3 accounts.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with IMP)\n please visit http://www.horde.org/\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"imp on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044543.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862279\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-11432\");\n script_cve_id(\"CVE-2010-0463\");\n script_name(\"Fedora Update for imp FEDORA-2010-11432\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of imp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"imp\", rpm:\"imp~4.3.7~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-09-30T04:13:43", "description": "Upgrade to 3.3.8 which fixes CVE-2010-0463\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-27T00:00:00", "type": "nessus", "title": "Fedora 13 : horde-3.3.8-1.fc13 (2010-11392)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0463"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:horde", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-11392.NASL", "href": "https://www.tenable.com/plugins/nessus/47842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11392.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47842);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0463\");\n script_xref(name:\"FEDORA\", value:\"2010-11392\");\n\n script_name(english:\"Fedora 13 : horde-3.3.8-1.fc13 (2010-11392)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 3.3.8 which fixes CVE-2010-0463\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=560140\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044509.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?471fbfce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"horde-3.3.8-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-30T04:13:59", "description": "Upgrade to 3.3.8 which fixes CVE-2010-0463\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-27T00:00:00", "type": "nessus", "title": "Fedora 12 : horde-3.3.8-1.fc12 (2010-11445)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0463"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:horde", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-11445.NASL", "href": "https://www.tenable.com/plugins/nessus/47847", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11445.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47847);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0463\");\n script_xref(name:\"FEDORA\", value:\"2010-11445\");\n\n script_name(english:\"Fedora 12 : horde-3.3.8-1.fc12 (2010-11445)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 3.3.8 which fixes CVE-2010-0463\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=560140\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d87ac985\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"horde-3.3.8-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-30T04:13:50", "description": "Upgrade to 4.3.7 which fixes CVE-2010-0463\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-27T00:00:00", "type": "nessus", "title": "Fedora 13 : imp-4.3.7-1.fc13 (2010-11399)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0463"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:imp", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-11399.NASL", "href": "https://www.tenable.com/plugins/nessus/47843", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11399.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47843);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0463\");\n script_xref(name:\"FEDORA\", value:\"2010-11399\");\n\n script_name(english:\"Fedora 13 : imp-4.3.7-1.fc13 (2010-11399)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 4.3.7 which fixes CVE-2010-0463\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=560140\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044514.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ae87049\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected imp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"imp-4.3.7-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imp\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-30T04:14:18", "description": "Upgrade to 4.3.7 which fixes CVE-2010-0463\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-27T00:00:00", "type": "nessus", "title": "Fedora 12 : imp-4.3.7-1.fc12 (2010-11432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0463"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:imp", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-11432.NASL", "href": "https://www.tenable.com/plugins/nessus/47846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11432.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47846);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0463\");\n script_xref(name:\"FEDORA\", value:\"2010-11432\");\n\n script_name(english:\"Fedora 12 : imp-4.3.7-1.fc12 (2010-11432)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 4.3.7 which fixes CVE-2010-0463\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=560140\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044543.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27192d31\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected imp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"imp-4.3.7-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imp\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:59:03", "description": "Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS\nprefetching of domain names contained in e-mail messages, which makes it\neasier for remote attackers to determine the network location of the\nwebmail user by logging DNS requests.", "cvss3": {}, "published": "2010-01-29T00:00:00", "type": "ubuntucve", "title": "CVE-2010-0463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0463"], "modified": "2010-01-29T00:00:00", "id": "UB:CVE-2010-0463", "href": "https://ubuntu.com/security/CVE-2010-0463", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "IMP is the Internet Messaging Program, one of the Horde applications. It provides webmail access to IMAP and POP3 accounts. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information (including help with IMP) please visit http://www.horde.org/. ", "cvss3": {}, "published": "2010-07-27T02:35:17", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: imp-4.3.7-1.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0463"], "modified": "2010-07-27T02:35:17", "id": "FEDORA:D126510FAB3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQCN3NX6BC3BKL7DKEI7GEAO34DXARGM/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "description": "IMP is the Internet Messaging Program, one of the Horde applications. It provides webmail access to IMAP and POP3 accounts. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information (including help with IMP) please visit http://www.horde.org/. ", "cvss3": {}, "published": "2010-07-27T02:41:14", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: imp-4.3.7-1.fc12", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0463"], "modified": "2010-07-27T02:41:14", "id": "FEDORA:5C366110E77", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CURNUJFAFXFLG4I3F4JAE7WIQUJXAVHG/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "description": "The Horde Framework provides a common structure and interface for Horde applications (such as IMP, a web-based mail program). This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information (including help with Horde and its modules) please visit http://www.horde.org/. READ /usr/share/doc/horde-3.3.8/README.Fedora AFTER INSTALLING FOR INSTRUCTIONS AND SECURITY! For additional functionality, also install horde-enhanced ", "cvss3": {}, "published": "2010-07-27T02:43:15", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: horde-3.3.8-1.fc12", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0463"], "modified": "2010-07-27T02:43:15", "id": "FEDORA:53AEF11055E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OF2SGDJFAXCWQQLFAY3S5OOOPDAWNE7Y/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T11:36:21", "description": "Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.", "cvss3": {}, "published": "2010-01-29T18:30:00", "type": "cve", "title": "CVE-2010-0463", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0463"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:horde:imp:4.0.2", "cpe:/a:horde:imp:3.2.2", "cpe:/a:horde:imp:3.2.7", "cpe:/a:horde:imp:4.0.4", "cpe:/a:horde:imp:2.2.8", "cpe:/a:horde:imp:2.3", "cpe:/a:horde:imp:3.2", "cpe:/a:horde:imp:4.3.1", "cpe:/a:horde:imp:4.0.3", "cpe:/a:horde:imp:3.2.6", "cpe:/a:horde:imp:4.0.1", "cpe:/a:horde:imp:4.3.6", "cpe:/a:horde:imp:2.2.2", "cpe:/a:horde:imp:3.2.5", "cpe:/a:horde:imp:3.1", "cpe:/a:horde:imp:2.0", "cpe:/a:horde:imp:4.1.6", "cpe:/a:horde:imp:4.3", "cpe:/a:horde:imp:4.0", "cpe:/a:horde:imp:2.2.1", "cpe:/a:horde:imp:3.1.2", "cpe:/a:horde:imp:4.3.4", "cpe:/a:horde:imp:3.2.3", "cpe:/a:horde:imp:4.1.5", "cpe:/a:horde:imp:4.2.1", "cpe:/a:horde:imp:3.2.4", "cpe:/a:horde:imp:2.2.6", "cpe:/a:horde:imp:2.2.5", "cpe:/a:horde:imp:4.3.5", "cpe:/a:horde:imp:4.2.2", "cpe:/a:horde:imp:3.2.1", "cpe:/a:horde:imp:2.2.4", "cpe:/a:horde:imp:4.3.3", "cpe:/a:horde:imp:2.2", "cpe:/a:horde:imp:3.0", "cpe:/a:horde:imp:2.2.7", "cpe:/a:horde:imp:4.3.2", "cpe:/a:horde:imp:2.2.3", "cpe:/a:horde:imp:4.2", "cpe:/a:horde:imp:4.1.3"], "id": "CVE-2010-0463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0463", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:4.3:*:*:*:*:*:*:*", "cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*"]}]}
[SECURITY] Fedora 13 Update: horde-3.3.8-1.fc13
