Lucene search

[email protected]NVD:CVE-2009-3701

HistoryDec 21, 2009 - 4:30 p.m.

CVE-2009-3701

2009-12-2116:30:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.

Affected configurations

NVD

Node

hordeapplication_frameworkRange≤3.3.5

hordeapplication_frameworkMatch2.0

hordeapplication_frameworkMatch2.1

hordeapplication_frameworkMatch2.1.3

hordeapplication_frameworkMatch2.2

hordeapplication_frameworkMatch2.2.1

hordeapplication_frameworkMatch2.2.3

hordeapplication_frameworkMatch2.2.4

hordeapplication_frameworkMatch2.2.4_rc1

hordeapplication_frameworkMatch2.2.5

hordeapplication_frameworkMatch2.2.6

hordeapplication_frameworkMatch3.0

hordeapplication_frameworkMatch3.0.1

hordeapplication_frameworkMatch3.0.2

hordeapplication_frameworkMatch3.0.3

hordeapplication_frameworkMatch3.0.4

hordeapplication_frameworkMatch3.0.6

hordeapplication_frameworkMatch3.0.7

hordeapplication_frameworkMatch3.0.8

hordeapplication_frameworkMatch3.0.9

hordeapplication_frameworkMatch3.1

hordeapplication_frameworkMatch3.1.1

hordeapplication_frameworkMatch3.2

hordeapplication_frameworkMatch3.2.1

hordeapplication_frameworkMatch3.2.2

hordeapplication_frameworkMatch3.2.3

hordeapplication_frameworkMatch3.2.4

hordeapplication_frameworkMatch3.3

hordeapplication_frameworkMatch3.3.1

hordeapplication_frameworkMatch3.3.2

hordeapplication_frameworkMatch3.3.3

hordeapplication_frameworkMatch3.3.4

hordegroupwareRange≤1.2.4

hordegroupwareMatch1.0

hordegroupwareMatch1.0.1

hordegroupwareMatch1.0.2

hordegroupwareMatch1.0.3

hordegroupwareMatch1.0.4

hordegroupwareMatch1.0.5

hordegroupwareMatch1.1

hordegroupwareMatch1.1.1

hordegroupwareMatch1.1.2

hordegroupwareMatch1.1.3

hordegroupwareMatch1.1.4

hordegroupwareMatch1.1.5

hordegroupwareMatch1.2

hordegroupwareMatch1.2rc1

hordegroupwareMatch1.2.1

hordegroupwareMatch1.2.2

hordegroupwareMatch1.2.3

Node

hordegroupwareRange≤1.2.4

hordegroupwareMatch1.0

hordegroupwareMatch1.0rc1

hordegroupwareMatch1.0rc2

hordegroupwareMatch1.0.1

hordegroupwareMatch1.0.2

hordegroupwareMatch1.0.3

hordegroupwareMatch1.0.4

hordegroupwareMatch1.0.5

hordegroupwareMatch1.0.6

hordegroupwareMatch1.0.7

hordegroupwareMatch1.0.8

hordegroupwareMatch1.1

hordegroupwareMatch1.1rc1

hordegroupwareMatch1.1rc2

hordegroupwareMatch1.1rc3

hordegroupwareMatch1.1rc4

hordegroupwareMatch1.1.1

hordegroupwareMatch1.1.2

hordegroupwareMatch1.1.3

hordegroupwareMatch1.1.4

hordegroupwareMatch1.1.5

hordegroupwareMatch1.1.6

hordegroupwareMatch1.2

hordegroupwareMatch1.2rc1

hordegroupwareMatch1.2.1

hordegroupwareMatch1.2.2

hordegroupwareMatch1.2.3

hordegroupwareMatch1.2.3rc1

References

archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html

cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h

lists.horde.org/archives/announce/2009/000529.html

marc.info/?l=horde-announce&m=126100750018478&w=2

marc.info/?l=horde-announce&m=126101076422179&w=2

secunia.com/advisories/37709

secunia.com/advisories/37823

securitytracker.com/id?1023365

www.securityfocus.com/archive/1/508531/100/0/threaded

www.securityfocus.com/bid/37351

www.vupen.com/english/advisories/2009/3549

www.vupen.com/english/advisories/2009/3572

exchange.xforce.ibmcloud.com/vulnerabilities/54817

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Related for NVD:CVE-2009-3701

cve1 securityvulns3 prion1 seebug3 exploitpack1 packetstorm1 ubuntucve1 cvelist1 exploitdb1 nessus5 openvas6 debian1 osv1 fedora3