Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200911-01
HistoryNov 06, 2009 - 12:00 a.m.

Horde: Multiple vulnerabilities

2009-11-0600:00:00
Gentoo Foundation
security.gentoo.org
12

0.006 Low

EPSS

Percentile

78.7%

JSON

Background

Horde is a web application framework written in PHP.

Description

Multiple vulnerabilities have been discovered in Horde:

  • Stefan Esser of Sektion1 reported an error within the form library when handling image form fields (CVE-2009-3236).
  • Martin Geisler and David Wharton reported that an error exists in the MIME viewer library when viewing unknown text parts and the preferences system in services/prefs.php when handling number preferences (CVE-2009-3237).

Impact

A remote authenticated attacker could exploit these vulnerabilities to overwrite arbitrary files on the server, provided that the user has write permissions. A remote authenticated attacker could conduct Cross-Site Scripting attacks.

Workaround

There is no known workaround at this time.

Resolution

All Horde users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/horde-3.3.5"

All Horde webmail users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/horde-webmail-1.2.4"

All Horde groupware users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/horde-groupware-1.2.4"

Related

openvas 12
nessus 7
cve 2
securityvulns 5
ubuntucve 2
prion 2
debian 2
fedora 3
osv 2
openvas
openvas
Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)
2009-11-11 00:00:00
FreeBSD Ports: horde-base
2009-09-15 00:00:00
Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)
2009-11-11 00:00:00
nessus
nessus
GLSA-200911-01 : Horde: Multiple vulnerabilities
2009-11-09 00:00:00
openSUSE Security Update : horde (horde-1947)
2010-02-15 00:00:00
Debian DSA-1897-1 : horde3 - insufficient input sanitization
2010-02-24 00:00:00
cve
cve
CVE-2009-3237
2009-09-17 10:30:00
CVE-2009-3236
2009-09-17 10:30:00
securityvulns
securityvulns
[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution
2009-09-28 00:00:00
Advisory 01/2009: Horde_Form_Type_image Arbitrary File Overwrite Vulnerability
2009-09-21 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-09-28 00:00:00
ubuntucve
ubuntucve
CVE-2009-3236
2009-09-17 00:00:00
CVE-2009-3237
2009-09-17 00:00:00
prion
prion
Design/Logic Flaw
2009-09-17 10:30:00
Cross site scripting
2009-09-17 10:30:00
debian
debian
[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution
2009-09-28 09:59:56
[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting
2010-01-07 10:33:35
fedora
fedora
[SECURITY] Fedora 11 Update: horde-3.3.6-1.fc11
2010-04-01 01:40:32
[SECURITY] Fedora 12 Update: horde-3.3.6-1.fc12
2010-04-01 01:51:02
[SECURITY] Fedora 13 Update: horde-3.3.6-1.fc13
2010-04-01 17:20:56
osv
osv
horde3 - cross-site scripting
2010-01-07 00:00:00
horde3 - arbitrary code execution
2009-09-28 00:00:00

0.006 Low

EPSS

Percentile

78.7%

JSON
Related for GLSA-200911-01
openvas12nessus7cve2securityvulns5ubuntucve2prion2debian2fedora3osv2