Search...

Debian Security Advisory DSA 1966-1 (horde3)

2010-01-11T00:00:00

ID OPENVAS:136141256231066657
Type openvas
Reporter Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
Modified 2017-12-21T00:00:00

Description

The remote host is missing an update to horde3 announced via advisory DSA 1966-1.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_1966_1.nasl 8207 2017-12-21 07:30:12Z teissa $
# Description: Auto-generated from advisory DSA 1966-1 (horde3)
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "Several vulnerabilities have been found in horde3, the horde web application
framework. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-3237

It has been discovered that horde3 is prone to cross-site scripting
attacks via crafted number preferences or inline MIME text parts when
using text/plain as MIME type.
For lenny this issue was already fixed, but as an additional security
precaution, the display of inline text was disabled in the configuration
file.

CVE-2009-3701

It has been discovered that the horde3 administration interface is prone
to cross-site scripting attacks due to the use of the PHP_SELF variable.
This issue can only be exploited by authenticated administrators.

CVE-2009-4363

It has been discovered that horde3 is prone to several cross-site
scripting attacks via crafted data:text/html values in HTML messages.


For the stable distribution (lenny), these problems have been fixed in
version 3.2.2+debian0-2+lenny2.

For the oldstable distribution (etch), these problems have been fixed in
version 3.1.3-4etch7.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 3.3.6+debian0-1.


We recommend that you upgrade your horde3 packages.";
tag_summary = "The remote host is missing an update to horde3
announced via advisory DSA 1966-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201966-1";


if(description)
{
 script_oid("1.3.6.1.4.1.25623.1.0.66657");
 script_version("$Revision: 8207 $");
 script_tag(name:"last_modification", value:"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $");
 script_tag(name:"creation_date", value:"2010-01-11 23:48:26 +0100 (Mon, 11 Jan 2010)");
 script_cve_id("CVE-2009-3237", "CVE-2009-3701", "CVE-2009-4363");
 script_tag(name:"cvss_base", value:"4.3");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_name("Debian Security Advisory DSA 1966-1 (horde3)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"horde3", ver:"3.1.3-4etch7", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"horde3", ver:"3.2.2+debian0-2+lenny2", rls:"DEB5.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"pluginID": "136141256231066657", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1966_1.nasl 8207 2017-12-21 07:30:12Z teissa $\n# Description: Auto-generated from advisory DSA 1966-1 (horde3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-3237\n\nIt has been discovered that horde3 is prone to cross-site scripting\nattacks via crafted number preferences or inline MIME text parts when\nusing text/plain as MIME type.\nFor lenny this issue was already fixed, but as an additional security\nprecaution, the display of inline text was disabled in the configuration\nfile.\n\nCVE-2009-3701\n\nIt has been discovered that the horde3 administration interface is prone\nto cross-site scripting attacks due to the use of the PHP_SELF variable.\nThis issue can only be exploited by authenticated administrators.\n\nCVE-2009-4363\n\nIt has been discovered that horde3 is prone to several cross-site\nscripting attacks via crafted data:text/html values in HTML messages.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2+lenny2.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch7.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.3.6+debian0-1.\n\n\nWe recommend that you upgrade your horde3 packages.\";\ntag_summary = \"The remote host is missing an update to horde3\nannounced via advisory DSA 1966-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201966-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66657\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-11 23:48:26 +0100 (Mon, 11 Jan 2010)\");\n script_cve_id(\"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1966-1 (horde3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.1.3-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.2.2+debian0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "history": [], "description": "The remote host is missing an update to horde3\nannounced via advisory DSA 1966-1.", "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066657", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "a0d96c938ff00c5214b38507903dc5c3"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "d449dcd7c154806f47efa08dbdf0f7e9"}, {"key": "href", "hash": "c549a5009eab22acbd41cb328db51252"}, {"key": "modified", "hash": "f049c9e8a6ef309ddd5ec6037c005a45"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "5bdcfa650ac3c4351fca1b782d35f2e5"}, {"key": "published", "hash": "ef8d54e4e607ea882c9bdd8018184d27"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "7881f1f14ba7327b744ea154202aac85"}, {"key": "sourceData", "hash": "7dabc40c7655367fc7076b2f257281d8"}, {"key": "title", "hash": "f351128f831fd4da144bf7780404db37"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 0, "references": [], "lastseen": "2018-01-02T10:54:03", "published": "2010-01-11T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "id": "OPENVAS:136141256231066657", "hash": "50854c5a0a3084b48c1edd9d2e17a630b463558bd6cf3051c9fd40ef9cda82f3", "modified": "2017-12-21T00:00:00", "title": "Debian Security Advisory DSA 1966-1 (horde3)", "edition": 1, "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "bulletinFamily": "scanner", "enchantments": {"vulnersScore": 4.3}}

{"result": {"cve": [{"id": "CVE-2009-3701", "type": "cve", "title": "CVE-2009-3701", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.", "published": "2009-12-21T11:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3701", "cvelist": ["CVE-2009-3701"], "lastseen": "2017-08-17T11:14:30"}, {"id": "CVE-2009-4363", "type": "cve", "title": "CVE-2009-4363", "description": "Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by \"an XSS vulnerability in Firefox browsers.\"", "published": "2009-12-21T11:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4363", "cvelist": ["CVE-2009-4363"], "lastseen": "2016-09-03T13:09:48"}, {"id": "CVE-2009-3237", "type": "cve", "title": "CVE-2009-3237", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php).", "published": "2009-09-17T06:30:01", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3237", "cvelist": ["CVE-2009-3237"], "lastseen": "2017-08-17T11:14:28"}], "exploitdb": [{"id": "EDB-ID:33407", "type": "exploitdb", "title": "Horde <= 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS", "description": "Horde 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS. CVE-2009-3701. Webapps exploit for php platform", "published": "2009-12-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33407/", "cvelist": ["CVE-2009-3701"], "lastseen": "2016-02-03T19:07:56"}, {"id": "EDB-ID:33408", "type": "exploitdb", "title": "Horde <= 3.3.5 Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS", "description": "Horde 3.3.5 Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS. CVE-2009-3701. Webapps exploit for php platform", "published": "2009-12-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33408/", "cvelist": ["CVE-2009-3701"], "lastseen": "2016-02-03T19:08:03"}, {"id": "EDB-ID:10512", "type": "exploitdb", "title": "Horde 3.3.5 - \"PHP_SELF\" XSS Vulnerability", "description": "Horde 3.3.5 \"PHP_SELF\" XSS vulnerability. CVE-2009-3701. Webapps exploit for php platform", "published": "2009-12-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/10512/", "cvelist": ["CVE-2009-3701"], "lastseen": "2016-02-01T12:38:59"}, {"id": "EDB-ID:33406", "type": "exploitdb", "title": "Horde <= 3.3.5 Administration Interface admin/phpshell.php PATH_INFO Parameter XSS", "description": "Horde 3.3.5 Administration Interface admin/phpshell.php PATH_INFO Parameter XSS. CVE-2009-3701. Webapps exploit for php platform", "published": "2009-12-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33406/", "cvelist": ["CVE-2009-3701"], "lastseen": "2016-02-03T19:07:49"}], "seebug": [{"id": "SSV:18575", "type": "seebug", "title": "Horde 3.3.5 ""PHP_SELF"" XSS vulnerability", "description": "No description provided by source.", "published": "2009-12-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-18575", "cvelist": ["CVE-2009-3701"], "lastseen": "2017-11-19T18:24:41"}, {"id": "SSV:67207", "type": "seebug", "title": "Horde 3.3.5 - \"PHP_SELF\" XSS vulnerability", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-67207", "cvelist": ["CVE-2009-3701"], "lastseen": "2017-11-19T15:33:42"}, {"id": "SSV:15130", "type": "seebug", "title": "Horde\u5e94\u7528\u6846\u67b6\u7ba1\u7406\u754c\u9762PHP_SELF\u53c2\u6570\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "description": "BUGTRAQ ID: 37351\r\nCVE ID: CVE-2009-3701\r\n\r\nHorde Framework\u662f\u4e2a\u4ee5PHP\u4e3a\u57fa\u7840\u7684\u67b6\u6784\uff0c\u7528\u4e8e\u521b\u5efa\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nHorde\u6ca1\u6709\u6b63\u786e\u5730\u8fc7\u6ee4\u7528\u6237\u901a\u8fc7URL\u63d0\u4ea4\u7ed9admin/phpshell.php\u3001admin/cmdshell.php\u548cadmin /sqlshell.php\u7684PHP_SELF\u53c2\u6570\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u63d0\u4ea4\u6076\u610f\u8bf7\u6c42\u6267\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4f1a\u8bdd\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nHorde Horde 3.x\r\nHorde Groupware 1.2.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nHorde\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.5.tar.gz\r\nhttp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.5.tar.gz\r\nhttp://ftp.horde.org/pub/horde/horde-3.3.6.tar.gz", "published": "2009-12-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-15130", "cvelist": ["CVE-2009-3701"], "lastseen": "2017-11-19T18:20:24"}], "packetstorm": [{"id": "PACKETSTORM:84003", "type": "packetstorm", "title": "Horde 3.3.5 Cross Site Scripting", "description": "", "published": "2009-12-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://packetstormsecurity.com/files/84003/Horde-3.3.5-Cross-Site-Scripting.html", "cvelist": ["CVE-2009-3701"], "lastseen": "2016-12-05T22:16:33"}], "nessus": [{"id": "DEBIAN_DSA-1966.NASL", "type": "nessus", "title": "Debian DSA-1966-1 : horde3 - insufficient input sanitising", "description": "Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-3237 It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file.\n\n - CVE-2009-3701 It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators.\n\n - CVE-2009-4363 It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages.", "published": "2010-02-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44831", "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "lastseen": "2017-10-29T13:38:19"}, {"id": "SUSE_11_0_HORDE-100210.NASL", "type": "nessus", "title": "openSUSE Security Update : horde (horde-1947)", "description": "This update of horde fixes :\n\n - CVE-2009-3236: CVSS v2 Base Score: 5.0: Overwrite arbitrary files and execute PHP code\n\n - CVE-2009-3237: CVSS v2 Base Score: 5.0: Cross-Site Scripting (XSS)\n\n - CVE-2009-3701: CVSS v2 Base Score: 4.3: Cross-Site Scripting (XSS)\n\n - CVE-2009-4363: CVSS v2 Base Score: 4.3: Cross-Site Scripting (XSS)", "published": "2010-02-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44607", "cvelist": ["CVE-2009-3701", "CVE-2009-3236", "CVE-2009-4363", "CVE-2009-3237"], "lastseen": "2017-10-29T13:45:14"}, {"id": "FEDORA_2010-5520.NASL", "type": "nessus", "title": "Fedora 12 : horde-3.3.6-1.fc12 (2010-5520)", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-01T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47395", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "lastseen": "2017-10-29T13:45:27"}, {"id": "FEDORA_2010-5483.NASL", "type": "nessus", "title": "Fedora 11 : horde-3.3.6-1.fc11 (2010-5483)", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-01T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47390", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "lastseen": "2017-10-29T13:40:36"}, {"id": "FEDORA_2010-5563.NASL", "type": "nessus", "title": "Fedora 13 : horde-3.3.6-1.fc13 (2010-5563)", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-01T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47404", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "lastseen": "2017-10-29T13:43:36"}, {"id": "GENTOO_GLSA-200911-01.NASL", "type": "nessus", "title": "GLSA-200911-01 : Horde: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200911-01 (Horde: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Horde:\n Stefan Esser of Sektion1 reported an error within the form library when handling image form fields (CVE-2009-3236).\n Martin Geisler and David Wharton reported that an error exists in the MIME viewer library when viewing unknown text parts and the preferences system in services/prefs.php when handling number preferences (CVE-2009-3237).\n Impact :\n\n A remote authenticated attacker could exploit these vulnerabilities to overwrite arbitrary files on the server, provided that the user has write permissions. A remote authenticated attacker could conduct Cross-Site Scripting attacks.\n Workaround :\n\n There is no known workaround at this time.", "published": "2009-11-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=42415", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "lastseen": "2017-10-29T13:36:17"}], "debian": [{"id": "DSA-1966", "type": "debian", "title": "horde3 -- insufficient input sanitising", "description": "Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2009-3237](<https://security-tracker.debian.org/tracker/CVE-2009-3237>)\n\nIt has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file.\n\n * [CVE-2009-3701](<https://security-tracker.debian.org/tracker/CVE-2009-3701>)\n\nIt has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators.\n\n * [CVE-2009-4363](<https://security-tracker.debian.org/tracker/CVE-2009-4363>)\n\nIt has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages.\n\nFor the stable distribution (lenny), these problems have been fixed in version 3.2.2+debian0-2+lenny2.\n\nFor the oldstable distribution (etch), these problems have been fixed in version 3.1.3-4etch7.\n\nFor the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 3.3.6+debian0-1.\n\nWe recommend that you upgrade your horde3 packages.", "published": "2010-01-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://www.debian.org/security/dsa-1966", "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "lastseen": "2016-09-02T18:28:03"}], "openvas": [{"id": "OPENVAS:66657", "type": "openvas", "title": "Debian Security Advisory DSA 1966-1 (horde3)", "description": "The remote host is missing an update to horde3\nannounced via advisory DSA 1966-1.", "published": "2010-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66657", "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "lastseen": "2017-07-24T12:49:04"}, {"id": "OPENVAS:1361412562310861819", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-5520", "description": "Check for the Version of horde", "published": "2010-04-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861819", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "lastseen": "2018-01-06T13:05:10"}, {"id": "OPENVAS:861827", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-5483", "description": "Check for the Version of horde", "published": "2010-04-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861827", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "lastseen": "2018-01-02T10:54:35"}, {"id": "OPENVAS:1361412562310861827", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-5483", "description": "Check for the Version of horde", "published": "2010-04-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861827", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "lastseen": "2018-01-26T11:05:49"}, {"id": "OPENVAS:861819", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-5520", "description": "Check for the Version of horde", "published": "2010-04-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861819", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "lastseen": "2017-12-15T11:58:09"}, {"id": "OPENVAS:64893", "type": "openvas", "title": "FreeBSD Ports: horde-base", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2009-09-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64893", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "lastseen": "2017-07-02T21:14:10"}, {"id": "OPENVAS:66148", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200911-01.", "published": "2009-11-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66148", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "lastseen": "2017-07-24T12:56:56"}, {"id": "OPENVAS:136141256231066148", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200911-01.", "published": "2009-11-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066148", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "lastseen": "2018-04-06T11:39:47"}, {"id": "OPENVAS:136141256231064893", "type": "openvas", "title": "FreeBSD Ports: horde-base", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2009-09-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064893", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "lastseen": "2018-04-06T11:39:44"}], "gentoo": [{"id": "GLSA-200911-01", "type": "gentoo", "title": "Horde: Multiple vulnerabilities", "description": "### Background\n\nHorde is a web application framework written in PHP. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Horde: \n\n * Stefan Esser of Sektion1 reported an error within the form library when handling image form fields (CVE-2009-3236).\n * Martin Geisler and David Wharton reported that an error exists in the MIME viewer library when viewing unknown text parts and the preferences system in services/prefs.php when handling number preferences (CVE-2009-3237).\n\n### Impact\n\nA remote authenticated attacker could exploit these vulnerabilities to overwrite arbitrary files on the server, provided that the user has write permissions. A remote authenticated attacker could conduct Cross-Site Scripting attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Horde users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-3.3.5\"\n\nAll Horde webmail users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-webmail-1.2.4\"\n\nAll Horde groupware users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-groupware-1.2.4\"", "published": "2009-11-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://security.gentoo.org/glsa/200911-01", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "lastseen": "2016-09-06T19:46:59"}]}}