Search...

Debian Security Advisory DSA 1966-1 (horde3)

2010-01-11T00:00:00

ID OPENVAS:136141256231066657
Type openvas
Reporter Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
Modified 2017-12-21T00:00:00

Description

The remote host is missing an update to horde3 announced via advisory DSA 1966-1.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_1966_1.nasl 8207 2017-12-21 07:30:12Z teissa $
# Description: Auto-generated from advisory DSA 1966-1 (horde3)
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "Several vulnerabilities have been found in horde3, the horde web application
framework. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-3237

It has been discovered that horde3 is prone to cross-site scripting
attacks via crafted number preferences or inline MIME text parts when
using text/plain as MIME type.
For lenny this issue was already fixed, but as an additional security
precaution, the display of inline text was disabled in the configuration
file.

CVE-2009-3701

It has been discovered that the horde3 administration interface is prone
to cross-site scripting attacks due to the use of the PHP_SELF variable.
This issue can only be exploited by authenticated administrators.

CVE-2009-4363

It has been discovered that horde3 is prone to several cross-site
scripting attacks via crafted data:text/html values in HTML messages.


For the stable distribution (lenny), these problems have been fixed in
version 3.2.2+debian0-2+lenny2.

For the oldstable distribution (etch), these problems have been fixed in
version 3.1.3-4etch7.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 3.3.6+debian0-1.


We recommend that you upgrade your horde3 packages.";
tag_summary = "The remote host is missing an update to horde3
announced via advisory DSA 1966-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201966-1";


if(description)
{
 script_oid("1.3.6.1.4.1.25623.1.0.66657");
 script_version("$Revision: 8207 $");
 script_tag(name:"last_modification", value:"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $");
 script_tag(name:"creation_date", value:"2010-01-11 23:48:26 +0100 (Mon, 11 Jan 2010)");
 script_cve_id("CVE-2009-3237", "CVE-2009-3701", "CVE-2009-4363");
 script_tag(name:"cvss_base", value:"4.3");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_name("Debian Security Advisory DSA 1966-1 (horde3)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"horde3", ver:"3.1.3-4etch7", rls:"DEB4.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"horde3", ver:"3.2.2+debian0-2+lenny2", rls:"DEB5.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"pluginID": "136141256231066657", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1966_1.nasl 8207 2017-12-21 07:30:12Z teissa $\n# Description: Auto-generated from advisory DSA 1966-1 (horde3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-3237\n\nIt has been discovered that horde3 is prone to cross-site scripting\nattacks via crafted number preferences or inline MIME text parts when\nusing text/plain as MIME type.\nFor lenny this issue was already fixed, but as an additional security\nprecaution, the display of inline text was disabled in the configuration\nfile.\n\nCVE-2009-3701\n\nIt has been discovered that the horde3 administration interface is prone\nto cross-site scripting attacks due to the use of the PHP_SELF variable.\nThis issue can only be exploited by authenticated administrators.\n\nCVE-2009-4363\n\nIt has been discovered that horde3 is prone to several cross-site\nscripting attacks via crafted data:text/html values in HTML messages.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2+lenny2.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch7.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.3.6+debian0-1.\n\n\nWe recommend that you upgrade your horde3 packages.\";\ntag_summary = \"The remote host is missing an update to horde3\nannounced via advisory DSA 1966-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201966-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66657\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-11 23:48:26 +0100 (Mon, 11 Jan 2010)\");\n script_cve_id(\"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1966-1 (horde3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.1.3-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.2.2+debian0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "history": [], "description": "The remote host is missing an update to horde3\nannounced via advisory DSA 1966-1.", "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066657", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "a0d96c938ff00c5214b38507903dc5c3"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "d449dcd7c154806f47efa08dbdf0f7e9"}, {"key": "href", "hash": "c549a5009eab22acbd41cb328db51252"}, {"key": "modified", "hash": "f049c9e8a6ef309ddd5ec6037c005a45"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "5bdcfa650ac3c4351fca1b782d35f2e5"}, {"key": "published", "hash": "ef8d54e4e607ea882c9bdd8018184d27"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "7881f1f14ba7327b744ea154202aac85"}, {"key": "sourceData", "hash": "7dabc40c7655367fc7076b2f257281d8"}, {"key": "title", "hash": "f351128f831fd4da144bf7780404db37"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 1, "references": [], "lastseen": "2018-01-02T10:54:03", "published": "2010-01-11T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "id": "OPENVAS:136141256231066657", "hash": "50854c5a0a3084b48c1edd9d2e17a630b463558bd6cf3051c9fd40ef9cda82f3", "modified": "2017-12-21T00:00:00", "title": "Debian Security Advisory DSA 1966-1 (horde3)", "edition": 1, "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "bulletinFamily": "scanner", "enchantments": {"score": {"vector": "NONE", "value": 4.3}, "vulnersScore": 4.3}}

{"cve": [{"lastseen": "2018-10-11T11:33:54", "references": ["http://marc.info/?l=horde-announce&m=126100750018478&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/54817", "http://www.vupen.com/english/advisories/2009/3549", "http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0388.html", "http://www.securityfocus.com/bid/37351", "http://www.securityfocus.com/archive/1/508531/100/0/threaded", "http://www.vupen.com/english/advisories/2009/3572", "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h", "http://lists.horde.org/archives/announce/2009/000529.html", "http://marc.info/?l=horde-announce&m=126101076422179&w=2", "http://securitytracker.com/id?1023365"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.", "edition": 3, "reporter": "NVD", "published": "2009-12-21T11:30:00", "title": "CVE-2009-3701", "type": "cve", "enchantments": {"score": {"modified": "2018-10-11T11:33:54", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-3701"], "scanner": [], "modified": "2018-10-10T15:47:27", "cpe": ["cpe:/a:horde:groupware:1.1.6::webmail", "cpe:/a:horde:groupware:1.1:rc3:webmail", "cpe:/a:horde:application_framework:2.2.4", "cpe:/a:horde:groupware:1.1::webmail", "cpe:/a:horde:groupware:1.2.1::webmail", "cpe:/a:horde:application_framework:3.3.1", "cpe:/a:horde:application_framework:2.1", "cpe:/a:horde:application_framework:3.3", "cpe:/a:horde:application_framework:3.3.3", "cpe:/a:horde:groupware:1.2:rc1:webmail", "cpe:/a:horde:groupware:1.2.3::webmail", "cpe:/a:horde:application_framework:3.0.7", "cpe:/a:horde:application_framework:2.2.6", "cpe:/a:horde:groupware:1.0.3", "cpe:/a:horde:groupware:1.1:rc1:webmail", "cpe:/a:horde:groupware:1.1.2::webmail", "cpe:/a:horde:groupware:1.1.5::webmail", "cpe:/a:horde:groupware:1.2.3", "cpe:/a:horde:application_framework:3.0.8", "cpe:/a:horde:groupware:1.0:rc1:webmail", "cpe:/a:horde:groupware:1.0::webmail", "cpe:/a:horde:groupware:1.0.5::webmail", "cpe:/a:horde:groupware:1.2.2", "cpe:/a:horde:application_framework:2.2.4_rc1", "cpe:/a:horde:application_framework:3.0.9", "cpe:/a:horde:application_framework:3.2.4", "cpe:/a:horde:application_framework:2.2.3", "cpe:/a:horde:groupware:1.0:rc2:webmail", "cpe:/a:horde:application_framework:3.2.2", "cpe:/a:horde:groupware:1.0.1::webmail", "cpe:/a:horde:groupware:1.1", "cpe:/a:horde:groupware:1.0.1", "cpe:/a:horde:groupware:1.0.8::webmail", "cpe:/a:horde:groupware:1.0", "cpe:/a:horde:groupware:1.2.4", "cpe:/a:horde:application_framework:3.1", "cpe:/a:horde:application_framework:2.0", "cpe:/a:horde:groupware:1.1.4", "cpe:/a:horde:application_framework:3.0.3", "cpe:/a:horde:application_framework:3.0.2", "cpe:/a:horde:groupware:1.0.4::webmail", "cpe:/a:horde:groupware:1.0.7::webmail", "cpe:/a:horde:groupware:1.1:rc4:webmail", "cpe:/a:horde:application_framework:2.2", "cpe:/a:horde:application_framework:3.2.3", "cpe:/a:horde:groupware:1.0.2", "cpe:/a:horde:application_framework:3.0.6", "cpe:/a:horde:groupware:1.1.3::webmail", "cpe:/a:horde:application_framework:3.0.1", "cpe:/a:horde:groupware:1.1.1::webmail", "cpe:/a:horde:application_framework:3.0", "cpe:/a:horde:groupware:1.0.4", "cpe:/a:horde:groupware:1.0.6::webmail", "cpe:/a:horde:groupware:1.2.4::webmail", "cpe:/a:horde:application_framework:3.2.1", "cpe:/a:horde:application_framework:3.3.2", "cpe:/a:horde:application_framework:3.3.4", "cpe:/a:horde:groupware:1.0.2::webmail", "cpe:/a:horde:application_framework:2.1.3", "cpe:/a:horde:groupware:1.2.1", "cpe:/a:horde:groupware:1.2::webmail", "cpe:/a:horde:application_framework:3.3.5", "cpe:/a:horde:groupware:1.1.4::webmail", "cpe:/a:horde:groupware:1.1.1", "cpe:/a:horde:groupware:1.2:rc1", "cpe:/a:horde:groupware:1.2", "cpe:/a:horde:application_framework:2.2.5", "cpe:/a:horde:application_framework:3.2", "cpe:/a:horde:application_framework:2.2.1", "cpe:/a:horde:application_framework:3.1.1", "cpe:/a:horde:groupware:1.0.3::webmail", "cpe:/a:horde:groupware:1.1:rc2:webmail", "cpe:/a:horde:groupware:1.2.2::webmail", "cpe:/a:horde:groupware:1.1.3", "cpe:/a:horde:groupware:1.0.5", "cpe:/a:horde:application_framework:3.0.4", "cpe:/a:horde:groupware:1.2.3:rc1:webmail", "cpe:/a:horde:groupware:1.1.5", "cpe:/a:horde:groupware:1.1.2"], "id": "CVE-2009-3701", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3701", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T13:09:48", "references": ["http://marc.info/?l=horde-announce&m=126100750018478&w=2", "http://bugs.horde.org/ticket/8715", "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h", "http://lists.horde.org/archives/announce/2009/000529.html", "http://marc.info/?l=horde-announce&m=126101076422179&w=2", "http://securitytracker.com/id?1023365", "http://bugs.horde.org/view.php?actionID=view_file&type=patch&file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch&ticket=8715"], "edition": 1, "description": "Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by \"an XSS vulnerability in Firefox browsers.\"", "reporter": "NVD", "published": "2009-12-21T11:30:00", "type": "cve", "title": "CVE-2009-4363", "enchantments": {"score": {"modified": "2016-09-03T13:09:48", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-4363"], "scanner": [], "cpe": ["cpe:/a:horde:groupware:1.1.6::webmail", "cpe:/a:horde:groupware:1.1:rc3:webmail", "cpe:/a:horde:application_framework:2.2.4", "cpe:/a:horde:groupware:1.1::webmail", "cpe:/a:horde:groupware:1.2.1::webmail", "cpe:/a:horde:application_framework:3.3.1", "cpe:/a:horde:application_framework:2.1", "cpe:/a:horde:application_framework:3.3", "cpe:/a:horde:application_framework:3.3.3", "cpe:/a:horde:groupware:1.2:rc1:webmail", "cpe:/a:horde:groupware:1.2.3::webmail", "cpe:/a:horde:application_framework:3.0.7", "cpe:/a:horde:application_framework:2.2.6", "cpe:/a:horde:groupware:1.0.3", "cpe:/a:horde:groupware:1.1:rc1:webmail", "cpe:/a:horde:groupware:1.1.2::webmail", "cpe:/a:horde:groupware:1.1.5::webmail", "cpe:/a:horde:groupware:1.2.3", "cpe:/a:horde:application_framework:3.0.8", "cpe:/a:horde:groupware:1.0:rc1:webmail", "cpe:/a:horde:groupware:1.0::webmail", "cpe:/a:horde:groupware:1.0.5::webmail", "cpe:/a:horde:groupware:1.2.2", "cpe:/a:horde:application_framework:2.2.4_rc1", "cpe:/a:horde:application_framework:3.0.9", "cpe:/a:horde:application_framework:3.2.4", "cpe:/a:horde:application_framework:2.2.3", "cpe:/a:horde:groupware:1.0:rc2:webmail", "cpe:/a:horde:application_framework:3.2.2", "cpe:/a:horde:groupware:1.0.1::webmail", "cpe:/a:horde:groupware:1.1", "cpe:/a:horde:groupware:1.0.1", "cpe:/a:horde:groupware:1.0.8::webmail", "cpe:/a:horde:groupware:1.0", "cpe:/a:horde:groupware:1.2.4", "cpe:/a:horde:application_framework:3.1", "cpe:/a:horde:application_framework:2.0", "cpe:/a:horde:groupware:1.1.4", "cpe:/a:horde:application_framework:3.0.3", "cpe:/a:horde:application_framework:3.0.2", "cpe:/a:horde:groupware:1.0.4::webmail", "cpe:/a:horde:groupware:1.0.7::webmail", "cpe:/a:horde:groupware:1.1:rc4:webmail", "cpe:/a:horde:application_framework:2.2", "cpe:/a:horde:application_framework:3.2.3", "cpe:/a:horde:groupware:1.0.2", "cpe:/a:horde:application_framework:3.0.6", "cpe:/a:horde:groupware:1.1.3::webmail", "cpe:/a:horde:application_framework:3.0.1", "cpe:/a:horde:groupware:1.1.1::webmail", "cpe:/a:horde:application_framework:3.0", "cpe:/a:horde:groupware:1.0.4", "cpe:/a:horde:groupware:1.0.6::webmail", "cpe:/a:horde:groupware:1.2.4::webmail", "cpe:/a:horde:application_framework:3.2.1", "cpe:/a:horde:application_framework:3.3.2", "cpe:/a:horde:application_framework:3.3.4", "cpe:/a:horde:groupware:1.0.2::webmail", "cpe:/a:horde:application_framework:2.1.3", "cpe:/a:horde:groupware:1.2.1", "cpe:/a:horde:groupware:1.2::webmail", "cpe:/a:horde:application_framework:3.3.5", "cpe:/a:horde:groupware:1.1.4::webmail", "cpe:/a:horde:groupware:1.1.1", "cpe:/a:horde:groupware:1.2:rc1", "cpe:/a:horde:groupware:1.2", "cpe:/a:horde:application_framework:2.2.5", "cpe:/a:horde:application_framework:3.2", "cpe:/a:horde:application_framework:2.2.1", "cpe:/a:horde:application_framework:3.1.1", "cpe:/a:horde:groupware:1.0.3::webmail", "cpe:/a:horde:groupware:1.1:rc2:webmail", "cpe:/a:horde:groupware:1.2.2::webmail", "cpe:/a:horde:groupware:1.1.3", "cpe:/a:horde:groupware:1.0.5", "cpe:/a:horde:application_framework:3.0.4", "cpe:/a:horde:groupware:1.2.3:rc1:webmail", "cpe:/a:horde:groupware:1.1.5", "cpe:/a:horde:groupware:1.1.2"], "modified": "2012-01-06T00:00:00", "id": "CVE-2009-4363", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4363", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-08-17T11:14:28", "references": ["http://marc.info/?l=horde-announce&m=125295852706029&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/53202", "http://bugs.horde.org/ticket/?id=8311", "http://marc.info/?l=horde-announce&m=125292339907481&w=2", "http://bugs.horde.org/ticket/?id=8399", "http://marc.info/?l=horde-announce&m=125292088004087&w=2", "http://marc.info/?l=horde-announce&m=125292314007049&w=2", "http://marc.info/?l=horde-announce&m=125291625030436&w=2", "http://marc.info/?l=horde-announce&m=125294558611682&w=2"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; allow remote attackers to inject arbitrary web script or HTML via the (1) crafted number preferences that are not properly handled in the preference system (services/prefs.php), as demonstrated by the sidebar_width parameter; or (2) crafted unknown MIME \"text parts\" that are not properly handled in the MIME viewer library (config/mime_drivers.php).", "edition": 2, "reporter": "NVD", "published": "2009-09-17T06:30:01", "title": "CVE-2009-3237", "type": "cve", "enchantments": {"score": {"modified": "2017-08-17T11:14:28", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-3237"], "scanner": [], "modified": "2017-08-16T21:31:03", "cpe": ["cpe:/a:horde:horde_groupware:1.1.5", "cpe:/a:horde:groupware:1.1.6::webmail", "cpe:/a:horde:groupware:1.1:rc3:webmail", "cpe:/a:horde:horde_application_framework:3.3", "cpe:/a:horde:groupware:1.1::webmail", "cpe:/a:horde:horde_application_framework:3.3.2", "cpe:/a:horde:horde_application_framework:3.2.4", "cpe:/a:horde:groupware:1.2.1::webmail", "cpe:/a:horde:horde_application_framework:3.3.1", "cpe:/a:horde:groupware:1.2:rc1:webmail", "cpe:/a:horde:horde_application_framework:3.3.4", "cpe:/a:horde:groupware:1.2.3::webmail", "cpe:/a:horde:horde_groupware:1.1.4", "cpe:/a:horde:groupware:1.1:rc1:webmail", "cpe:/a:horde:groupware:1.1.2::webmail", "cpe:/a:horde:horde_groupware:1.2.2", "cpe:/a:horde:horde_groupware:1.2", "cpe:/a:horde:horde_groupware:1.1.2", "cpe:/a:horde:horde_groupware:1.1.3", "cpe:/a:horde:horde_application_framework:3.2", "cpe:/a:horde:horde_groupware:1.2.1", "cpe:/a:horde:groupware:1.1:rc4:webmail", "cpe:/a:horde:groupware:1.1.3::webmail", "cpe:/a:horde:groupware:1.1.1::webmail", "cpe:/a:horde:horde_groupware:1.1.1", "cpe:/a:horde:horde_application_framework:3.2.3", "cpe:/a:horde:horde_application_framework:3.2.1", "cpe:/a:horde:groupware:1.2::webmail", "cpe:/a:horde:groupware:1.1.4::webmail", "cpe:/a:horde:horde_application_framework:3.2.2", "cpe:/a:horde:groupware:1.1:rc2:webmail", "cpe:/a:horde:groupware:1.2.2::webmail", "cpe:/a:horde:horde_groupware:1.2.3", "cpe:/a:horde:groupware:1.2.3:rc1:webmail", "cpe:/a:horde:horde_application_framework:3.3.3"], "id": "CVE-2009-3237", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3237", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:10:22", "references": ["https://security-tracker.debian.org/tracker/CVE-2009-3701", "https://security-tracker.debian.org/tracker/CVE-2009-3237", "https://www.debian.org/security/2010/dsa-1966", "https://security-tracker.debian.org/tracker/CVE-2009-4363"], "pluginID": "44831", "description": "Several vulnerabilities have been found in horde3, the horde web\napplication framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-3237\n It has been discovered that horde3 is prone to\n cross-site scripting attacks via crafted number\n preferences or inline MIME text parts when using\n text/plain as MIME type. For lenny this issue was\n already fixed, but as an additional security precaution,\n the display of inline text was disabled in the\n configuration file.\n\n - CVE-2009-3701\n It has been discovered that the horde3 administration\n interface is prone to cross-site scripting attacks due\n to the use of the PHP_SELF variable. This issue can only\n be exploited by authenticated administrators.\n\n - CVE-2009-4363\n It has been discovered that horde3 is prone to several\n cross-site scripting attacks via crafted data:text/html\n values in HTML messages.", "edition": 8, "reporter": "Tenable", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1966-1 : horde3 - insufficient input sanitising", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:horde3"], "id": "DEBIAN_DSA-1966.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44831", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1966. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44831);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_bugtraq_id(37351);\n script_xref(name:\"DSA\", value:\"1966\");\n\n script_name(english:\"Debian DSA-1966-1 : horde3 - insufficient input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in horde3, the horde web\napplication framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-3237\n It has been discovered that horde3 is prone to\n cross-site scripting attacks via crafted number\n preferences or inline MIME text parts when using\n text/plain as MIME type. For lenny this issue was\n already fixed, but as an additional security precaution,\n the display of inline text was disabled in the\n configuration file.\n\n - CVE-2009-3701\n It has been discovered that the horde3 administration\n interface is prone to cross-site scripting attacks due\n to the use of the PHP_SELF variable. This issue can only\n be exploited by authenticated administrators.\n\n - CVE-2009-4363\n It has been discovered that horde3 is prone to several\n cross-site scripting attacks via crafted data:text/html\n values in HTML messages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-1966\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the horde3 packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2+lenny2.\n\nFor the oldstable distribution (etch), these problems have been fixed\nin version 3.1.3-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:horde3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"horde3\", reference:\"3.1.3-4etch7\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"horde3\", reference:\"3.2.2+debian0-2+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:10:19", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=539585"], "pluginID": "44607", "description": "This update of horde fixes :\n\n - CVE-2009-3236: CVSS v2 Base Score: 5.0: Overwrite\n arbitrary files and execute PHP code\n\n - CVE-2009-3237: CVSS v2 Base Score: 5.0: Cross-Site\n Scripting (XSS)\n\n - CVE-2009-3701: CVSS v2 Base Score: 4.3: Cross-Site\n Scripting (XSS)\n\n - CVE-2009-4363: CVSS v2 Base Score: 4.3: Cross-Site\n Scripting (XSS)", "edition": 5, "reporter": "Tenable", "published": "2010-02-15T00:00:00", "title": "openSUSE Security Update : horde (horde-1947)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3701", "CVE-2009-3236", "CVE-2009-4363", "CVE-2009-3237"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:horde"], "id": "SUSE_11_0_HORDE-100210.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update horde-1947.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44607);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:38:13 $\");\n\n script_cve_id(\"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n\n script_name(english:\"openSUSE Security Update : horde (horde-1947)\");\n script_summary(english:\"Check for the horde-1947 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of horde fixes :\n\n - CVE-2009-3236: CVSS v2 Base Score: 5.0: Overwrite\n arbitrary files and execute PHP code\n\n - CVE-2009-3237: CVSS v2 Base Score: 5.0: Cross-Site\n Scripting (XSS)\n\n - CVE-2009-3701: CVSS v2 Base Score: 4.3: Cross-Site\n Scripting (XSS)\n\n - CVE-2009-4363: CVSS v2 Base Score: 4.3: Cross-Site\n Scripting (XSS)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=539585\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"horde-3.1.9-0.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:10:47", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=461887", "https://bugzilla.redhat.com/show_bug.cgi?id=461886", "https://bugzilla.redhat.com/show_bug.cgi?id=480818", "https://bugzilla.redhat.com/show_bug.cgi?id=549506", "https://bugzilla.redhat.com/show_bug.cgi?id=523407", "https://bugzilla.redhat.com/show_bug.cgi?id=523401", "http://www.nessus.org/u?e177a3bb", "https://bugzilla.redhat.com/show_bug.cgi?id=549516", "https://bugzilla.redhat.com/show_bug.cgi?id=490932"], "pluginID": "47395", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : horde-3.3.6-1.fc12 (2010-5520)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:horde", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-5520.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47395", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-5520.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47395);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:53 $\");\n\n script_cve_id(\"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_bugtraq_id(31107, 33491, 37351);\n script_xref(name:\"FEDORA\", value:\"2010-5520\");\n\n script_name(english:\"Fedora 12 : horde-3.3.6-1.fc12 (2010-5520)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=480818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038358.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e177a3bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"horde-3.3.6-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:10:47", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=461887", "https://bugzilla.redhat.com/show_bug.cgi?id=461886", "https://bugzilla.redhat.com/show_bug.cgi?id=480818", "https://bugzilla.redhat.com/show_bug.cgi?id=549506", "https://bugzilla.redhat.com/show_bug.cgi?id=523407", "http://www.nessus.org/u?187fbedd", "https://bugzilla.redhat.com/show_bug.cgi?id=523401", "https://bugzilla.redhat.com/show_bug.cgi?id=549516", "https://bugzilla.redhat.com/show_bug.cgi?id=490932"], "pluginID": "47390", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 11 : horde-3.3.6-1.fc11 (2010-5483)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:horde", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-5483.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47390", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-5483.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47390);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:53 $\");\n\n script_cve_id(\"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_bugtraq_id(31107, 33491, 37351);\n script_xref(name:\"FEDORA\", value:\"2010-5483\");\n\n script_name(english:\"Fedora 11 : horde-3.3.6-1.fc11 (2010-5483)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=480818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038285.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?187fbedd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"horde-3.3.6-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:10:47", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=461887", "https://bugzilla.redhat.com/show_bug.cgi?id=461886", "https://bugzilla.redhat.com/show_bug.cgi?id=480818", "http://www.nessus.org/u?25edd544", "https://bugzilla.redhat.com/show_bug.cgi?id=549506", "https://bugzilla.redhat.com/show_bug.cgi?id=523407", "https://bugzilla.redhat.com/show_bug.cgi?id=523401", "https://bugzilla.redhat.com/show_bug.cgi?id=549516", "https://bugzilla.redhat.com/show_bug.cgi?id=490932"], "pluginID": "47404", "description": "Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 13 : horde-3.3.6-1.fc13 (2010-5563)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:horde", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-5563.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47404", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-5563.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47404);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:53 $\");\n\n script_cve_id(\"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_bugtraq_id(31107, 33491, 37351);\n script_xref(name:\"FEDORA\", value:\"2010-5563\");\n\n script_name(english:\"Fedora 13 : horde-3.3.6-1.fc13 (2010-5563)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to 3.3.6 - Fixes a lot of security bugs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=461887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=480818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=523407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549516\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038413.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25edd544\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected horde package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Horde < 3.3.2 LFI\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"horde-3.3.6-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horde\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:10:03", "references": ["https://security.gentoo.org/glsa/200911-01"], "pluginID": "42415", "description": "The remote host is affected by the vulnerability described in GLSA-200911-01\n(Horde: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Horde:\n Stefan Esser of Sektion1 reported an error within the form library\n when handling image form fields (CVE-2009-3236).\n Martin\n Geisler and David Wharton reported that an error exists in the MIME\n viewer library when viewing unknown text parts and the preferences\n system in services/prefs.php when handling number preferences\n (CVE-2009-3237).\nImpact :\n\n A remote authenticated attacker could exploit these vulnerabilities to\n overwrite arbitrary files on the server, provided that the user has\n write permissions. A remote authenticated attacker could conduct\n Cross-Site Scripting attacks.\nWorkaround :\n\n There is no known workaround at this time.", "edition": 6, "reporter": "Tenable", "published": "2009-11-09T00:00:00", "title": "GLSA-200911-01 : Horde: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:horde-webmail", "p-cpe:/a:gentoo:linux:horde", "p-cpe:/a:gentoo:linux:horde-groupware"], "id": "GENTOO_GLSA-200911-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42415", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200911-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42415);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2009-3236\", \"CVE-2009-3237\");\n script_xref(name:\"GLSA\", value:\"200911-01\");\n\n script_name(english:\"GLSA-200911-01 : Horde: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200911-01\n(Horde: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Horde:\n Stefan Esser of Sektion1 reported an error within the form library\n when handling image form fields (CVE-2009-3236).\n Martin\n Geisler and David Wharton reported that an error exists in the MIME\n viewer library when viewing unknown text parts and the preferences\n system in services/prefs.php when handling number preferences\n (CVE-2009-3237).\n \nImpact :\n\n A remote authenticated attacker could exploit these vulnerabilities to\n overwrite arbitrary files on the server, provided that the user has\n write permissions. A remote authenticated attacker could conduct\n Cross-Site Scripting attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200911-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Horde users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-3.3.5'\n All Horde webmail users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-webmail-1.2.4'\n All Horde groupware users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/horde-groupware-1.2.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:horde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:horde-groupware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:horde-webmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/horde-webmail\", unaffected:make_list(\"ge 1.2.4\"), vulnerable:make_list(\"lt 1.2.4\"))) flag++;\nif (qpkg_check(package:\"www-apps/horde\", unaffected:make_list(\"ge 3.3.5\"), vulnerable:make_list(\"lt 3.3.5\"))) flag++;\nif (qpkg_check(package:\"www-apps/horde-groupware\", unaffected:make_list(\"ge 1.2.4\"), vulnerable:make_list(\"lt 1.2.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Horde\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1966-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nJanuary 07, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : horde3\r\nVulnerability : insufficient input sanitising\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Ids : CVE-2009-3237 CVE-2009-3701 CVE-2009-4363\r\n\r\nSeveral vulnerabilities have been found in horde3, the horde web application\r\nframework. The Common Vulnerabilities and Exposures project identifies\r\nthe following problems:\r\n\r\nCVE-2009-3237\r\n\r\nIt has been discovered that horde3 is prone to cross-site scripting\r\nattacks via crafted number preferences or inline MIME text parts when\r\nusing text/plain as MIME type.\r\nFor lenny this issue was already fixed, but as an additional security\r\nprecaution, the display of inline text was disabled in the configuration\r\nfile.\r\n\r\nCVE-2009-3701\r\n\r\nIt has been discovered that the horde3 administration interface is prone\r\nto cross-site scripting attacks due to the use of the PHP_SELF variable.\r\nThis issue can only be exploited by authenticated administrators.\r\n\r\nCVE-2009-4363\r\n\r\nIt has been discovered that horde3 is prone to several cross-site\r\nscripting attacks via crafted data:text/html values in HTML messages.\r\n\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 3.2.2+debian0-2+lenny2.\r\n\r\nFor the oldstable distribution (etch), these problems have been fixed in\r\nversion 3.1.3-4etch7.\r\n\r\nFor the testing distribution (squeeze) and the unstable distribution\r\n(sid), these problems have been fixed in version 3.3.6+debian0-1.\r\n\r\n\r\nWe recommend that you upgrade your horde3 packages.\r\n\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7.dsc\r\n Size/MD5 checksum: 691 48b9e415b5f6ab912615d4da1fdbf972\r\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7.diff.gz\r\n Size/MD5 checksum: 17280 15471b64c8321f477800da4cfe3ff8e4\r\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz\r\n Size/MD5 checksum: 5232958 fbc56c608ac81474b846b1b4b7bb5ee7\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7_all.deb\r\n Size/MD5 checksum: 5282070 b0788ebca983b9059a7fa05ada2de4cb\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2.dsc\r\n Size/MD5 checksum: 1389 c7d03777a3a09845206364f689752f30\r\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2.diff.gz\r\n Size/MD5 checksum: 27993 866df86724501fbd550d5e164e4cdd3c\r\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0.orig.tar.gz\r\n Size/MD5 checksum: 7180761 fb22a594bbdad07a0fbeef035a6d2f39\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2_all.deb\r\n Size/MD5 checksum: 7240984 9298abd370d67b6a4861f015e330d1c5\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAktFssAACgkQ62zWxYk/rQf9kACgmyXz0l/5q9TZiiafcbmrEWqf\r\nx/8An3Daz3amIFFmj0uGbiQ+g4CtZw9w\r\n=4/Rk\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-01-07T00:00:00", "title": "[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:32", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "modified": "2010-01-07T00:00:00", "id": "SECURITYVULNS:DOC:23011", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23011", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:35", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23011", "https://vulners.com/securityvulns/securityvulns:doc:23013"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2010-01-07T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:35", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "phpldapadmin", "version": "1.1", "operator": "eq"}, {"name": "Horde", "version": "3.2", "operator": "eq"}, {"name": "Horde", "version": "3.3", "operator": "eq"}], "cvelist": ["CVE-2009-4427", "CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "modified": "2010-01-07T00:00:00", "id": "SECURITYVULNS:VULN:10501", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10501", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "references": [], "description": "=============================================\r\nINTERNET SECURITY AUDITORS ALERT 2009-012\r\n- Original release date: October 13th, 2009\r\n- Last revised: December 16th, 2009\r\n- Discovered by: Juan Galiana Lara\r\n- CVE ID: CVE-2009-3701\r\n- Severity: 6.3/10 (CVSS Base Score)\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nHorde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nThe Horde Application Framework is a modular, general-purpose web\r\napplication framework written in PHP. It provides an extensive array\r\nof classes that are targeted at the common problems and tasks involved\r\nin developing modern web applications.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nInput passed to 'PHP_SELF' variable is not properly filtered before\r\nbeing returned to the user. This can be explotied to inject arbitrary\r\nHTML or to execute arbitrary script code in a user's browser session\r\nin context of an affected site. In order to successfully exploit this\r\nvulnerability the targeted user has to be logged as an administrator.\r\n\r\nhorde-3.3.5/admin/cmdshell.php:46:<form action="<?php echo\r\n$_SERVER['PHP_SELF'] ?>" method="post">\r\nhorde-3.3.5/admin/sqlshell.php:29:<form name="sqlshell" action="<?php\r\necho $_SERVER['PHP_SELF'] ?>" method="post">\r\nhorde-3.3.5/admin/phpshell.php:42:<form action="<?php echo\r\n$_SERVER['PHP_SELF'] ?>" method="post">\r\n\r\nIn order to filter the "PHP_SELF" variable, the htmlspecialchars\r\nfunction has to be used, like in\r\n'horde-3.3.5/templates/shares/edit.inc' file:\r\n\r\nhorde-3.3.5/templates/shares/edit.inc:1:<form name="edit"\r\nmethod="post" action="<?php echo\r\nhtmlspecialchars($_SERVER['PHP_SELF']) ?>">\r\n\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\nThis PoC will show an alert with the text "xss"\r\n\r\nhttp://site/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nIs possible to execute arbitrary HTML or script code in a targeted\r\nuser's browser. Only works with administration sessions.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nHorde 3.3.5 is vulnerable, others may be affected.\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nUpgrade to version 3.3.6\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.horde.org\r\nhttp://lists.horde.org/archives/announce/2009/000529.html\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered by\r\nJuan Galiana Lara (jgaliana (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n-------------------------\r\nOctober 13, 2009: Initial release\r\nOctober 19, 2009: Added CVE id.\r\nDecember 13, 2009: Revision.\r\nDecember 16, 2009: Las revision.\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nOctober 13, 2009: Vulnerability discovered by\r\n Internet Security Auditors.\r\nOctober 13, 2009: Sent to developers.\r\n The issue is considered hard to exploit and\r\n solution is delayed.\r\nDecember 13, 2009: Second contact for correction plan.\r\nDecember 15, 2009: New release published.\r\nDecember 16, 2009: Sent to public lists.\r\n\r\nXII. LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied "as-is"\r\nwith no warranties or guarantees of fitness of use or otherwise.\r\nInternet Security Auditors accepts no responsibility for any damage\r\ncaused by the use or misuse of this information.", "edition": 1, "reporter": "Securityvulns", "published": "2009-12-17T00:00:00", "title": "[ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:32", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-3701"], "modified": "2009-12-17T00:00:00", "id": "SECURITYVULNS:DOC:22969", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22969", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:04", "references": [], "pluginID": "66657", "description": "The remote host is missing an update to horde3\nannounced via advisory DSA 1966-1.", "edition": 2, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-01-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Debian Security Advisory DSA 1966-1 (horde3)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66657", "id": "OPENVAS:66657", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1966_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 1966-1 (horde3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-3237\n\nIt has been discovered that horde3 is prone to cross-site scripting\nattacks via crafted number preferences or inline MIME text parts when\nusing text/plain as MIME type.\nFor lenny this issue was already fixed, but as an additional security\nprecaution, the display of inline text was disabled in the configuration\nfile.\n\nCVE-2009-3701\n\nIt has been discovered that the horde3 administration interface is prone\nto cross-site scripting attacks due to the use of the PHP_SELF variable.\nThis issue can only be exploited by authenticated administrators.\n\nCVE-2009-4363\n\nIt has been discovered that horde3 is prone to several cross-site\nscripting attacks via crafted data:text/html values in HTML messages.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2+lenny2.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch7.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.3.6+debian0-1.\n\n\nWe recommend that you upgrade your horde3 packages.\";\ntag_summary = \"The remote host is missing an update to horde3\nannounced via advisory DSA 1966-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201966-1\";\n\n\nif(description)\n{\n script_id(66657);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-11 23:48:26 +0100 (Mon, 11 Jan 2010)\");\n script_cve_id(\"CVE-2009-3237\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1966-1 (horde3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.1.3-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"horde3\", ver:\"3.2.2+debian0-2+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:35", "references": ["2010-5483", "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038285.html"], "pluginID": "861827", "description": "Check for the Version of horde", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-06T00:00:00", "title": "Fedora Update for horde FEDORA-2010-5483", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2017-12-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861827", "id": "OPENVAS:861827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for horde FEDORA-2010-5483\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Framework provides a common structure and interface for Horde\n applications (such as IMP, a web-based mail program). This RPM is\n required for all other Horde module RPMs.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with Horde\n and its modules) please visit <A HREF= &qt http://www.horde.org/. &qt >http://www.horde.org/.</A>\n \n READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR\n INSTRUCTIONS AND SECURITY!\n \n For additional functionality, also install horde-enhanced\";\n\ntag_affected = \"horde on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038285.html\");\n script_id(861827);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-5483\");\n script_cve_id(\"CVE-2009-3701\", \"CVE-2009-4363\", \"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\");\n script_name(\"Fedora Update for horde FEDORA-2010-5483\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of horde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~3.3.6~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-26T11:05:49", "references": ["2010-5483", "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038285.html"], "pluginID": "1361412562310861827", "description": "Check for the Version of horde", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-06T00:00:00", "title": "Fedora Update for horde FEDORA-2010-5483", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2018-01-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861827", "id": "OPENVAS:1361412562310861827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for horde FEDORA-2010-5483\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Framework provides a common structure and interface for Horde\n applications (such as IMP, a web-based mail program). This RPM is\n required for all other Horde module RPMs.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with Horde\n and its modules) please visit <A HREF= &qt http://www.horde.org/. &qt >http://www.horde.org/.</A>\n \n READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR\n INSTRUCTIONS AND SECURITY!\n \n For additional functionality, also install horde-enhanced\";\n\ntag_affected = \"horde on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038285.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861827\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-5483\");\n script_cve_id(\"CVE-2009-3701\", \"CVE-2009-4363\", \"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\");\n script_name(\"Fedora Update for horde FEDORA-2010-5483\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of horde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~3.3.6~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-06T13:05:10", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038358.html", "2010-5520"], "pluginID": "1361412562310861819", "description": "Check for the Version of horde", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-06T00:00:00", "type": "openvas", "title": "Fedora Update for horde FEDORA-2010-5520", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2018-01-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861819", "id": "OPENVAS:1361412562310861819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for horde FEDORA-2010-5520\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Framework provides a common structure and interface for Horde\n applications (such as IMP, a web-based mail program). This RPM is\n required for all other Horde module RPMs.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with Horde\n and its modules) please visit <A HREF= &qt http://www.horde.org/. &qt >http://www.horde.org/.</A>\n \n READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR\n INSTRUCTIONS AND SECURITY!\n \n For additional functionality, also install horde-enhanced\";\n\ntag_affected = \"horde on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038358.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861819\");\n script_version(\"$Revision: 8274 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 08:28:17 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-5520\");\n script_cve_id(\"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_name(\"Fedora Update for horde FEDORA-2010-5520\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of horde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~3.3.6~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-15T11:58:09", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038358.html", "2010-5520"], "pluginID": "861819", "description": "Check for the Version of horde", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-04-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for horde FEDORA-2010-5520", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0932", "CVE-2009-3701", "CVE-2009-0931", "CVE-2009-3236", "CVE-2009-4363", "CVE-2008-5917", "CVE-2008-3824", "CVE-2008-3823", "CVE-2009-3237"], "modified": "2017-12-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861819", "id": "OPENVAS:861819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for horde FEDORA-2010-5520\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Horde Framework provides a common structure and interface for Horde\n applications (such as IMP, a web-based mail program). This RPM is\n required for all other Horde module RPMs.\n\n The Horde Project writes web applications in PHP and releases them under\n Open Source licenses. For more information (including help with Horde\n and its modules) please visit <A HREF= &qt http://www.horde.org/. &qt >http://www.horde.org/.</A>\n \n READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR\n INSTRUCTIONS AND SECURITY!\n \n For additional functionality, also install horde-enhanced\";\n\ntag_affected = \"horde on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038358.html\");\n script_id(861819);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-5520\");\n script_cve_id(\"CVE-2009-3236\", \"CVE-2009-3237\", \"CVE-2009-0931\", \"CVE-2009-0932\", \"CVE-2008-3823\", \"CVE-2008-3824\", \"CVE-2008-5917\", \"CVE-2009-3701\", \"CVE-2009-4363\");\n script_name(\"Fedora Update for horde FEDORA-2010-5520\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of horde\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"horde\", rpm:\"horde~3.3.6~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:56", "references": [], "pluginID": "66148", "description": "The remote host is missing updates announced in\nadvisory GLSA 200911-01.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-11-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66148", "id": "OPENVAS:66148", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in the Horde Application Framework can allow for\n arbitrary files to be overwritten and cross-site scripting attacks.\";\ntag_solution = \"All Horde users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-3.3.5\n\nAll Horde webmail users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-webmail-1.2.4\n\nAll Horde groupware users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-groupware-1.2.4\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200911-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=285052\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200911-01.\";\n\n \n \n\nif(description)\n{\n script_id(66148);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3236\", \"CVE-2009-3237\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/horde\", unaffected: make_list(\"ge 3.3.5\"), vulnerable: make_list(\"lt 3.3.5\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-apps/horde-webmail\", unaffected: make_list(\"ge 1.2.4\"), vulnerable: make_list(\"lt 1.2.4\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-apps/horde-groupware\", unaffected: make_list(\"ge 1.2.4\"), vulnerable: make_list(\"lt 1.2.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:47", "references": [], "pluginID": "136141256231066148", "description": "The remote host is missing updates announced in\nadvisory GLSA 200911-01.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-11-11T00:00:00", "title": "Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066148", "id": "OPENVAS:136141256231066148", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in the Horde Application Framework can allow for\n arbitrary files to be overwritten and cross-site scripting attacks.\";\ntag_solution = \"All Horde users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-3.3.5\n\nAll Horde webmail users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-webmail-1.2.4\n\nAll Horde groupware users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =www-apps/horde-groupware-1.2.4\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200911-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=285052\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200911-01.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66148\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3236\", \"CVE-2009-3237\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/horde\", unaffected: make_list(\"ge 3.3.5\"), vulnerable: make_list(\"lt 3.3.5\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-apps/horde-webmail\", unaffected: make_list(\"ge 1.2.4\"), vulnerable: make_list(\"lt 1.2.4\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"www-apps/horde-groupware\", unaffected: make_list(\"ge 1.2.4\"), vulnerable: make_list(\"lt 1.2.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:44", "references": [], "pluginID": "136141256231064893", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-15T00:00:00", "title": "FreeBSD Ports: horde-base", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064893", "id": "OPENVAS:136141256231064893", "sourceData": "#\n#VID ee23aa09-a175-11de-96c0-0011098ad87f\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID ee23aa09-a175-11de-96c0-0011098ad87f\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: horde-base\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.horde.org/ticket/?id=8311\nhttp://bugs.horde.org/ticket/?id=8399\nhttp://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&r2=1.515.2.559\nhttp://www.vuxml.org/freebsd/ee23aa09-a175-11de-96c0-0011098ad87f.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64893\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3237\", \"CVE-2009-3236\"); \n script_bugtraq_id(36382);\n script_tag(name:\"cvss_base\", value:\"4.3\"); \n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\"); \n script_name(\"FreeBSD Ports: horde-base\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"horde-base\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.3.5\")<0) {\n txt += 'Package horde-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:14:10", "references": [], "pluginID": "64893", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "FreeBSD Ports: horde-base", "type": "openvas", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "modified": "2016-12-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64893", "id": "OPENVAS:64893", "sourceData": "#\n#VID ee23aa09-a175-11de-96c0-0011098ad87f\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID ee23aa09-a175-11de-96c0-0011098ad87f\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: horde-base\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.horde.org/ticket/?id=8311\nhttp://bugs.horde.org/ticket/?id=8399\nhttp://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&r2=1.515.2.559\nhttp://www.vuxml.org/freebsd/ee23aa09-a175-11de-96c0-0011098ad87f.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64893);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-3237\", \"CVE-2009-3236\"); \n script_bugtraq_id(36382);\n script_tag(name:\"cvss_base\", value:\"4.3\"); \n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\"); \n script_name(\"FreeBSD Ports: horde-base\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"horde-base\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.3.5\")<0) {\n txt += 'Package horde-base version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:05", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "3.1.3-4etch7", "arch": "all", "packageFilename": "horde3_3.1.3-4etch7_all.deb", "packageName": "horde3", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "3.2.2+debian0-2+lenny2", "arch": "all", "packageFilename": "horde3_3.2.2+debian0-2+lenny2_all.deb", "packageName": "horde3", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1966-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJanuary 07, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : horde3\nVulnerability : insufficient input sanitising\nProblem type : remote\nDebian-specific: no\nCVE Ids : CVE-2009-3237 CVE-2009-3701 CVE-2009-4363\n\nSeveral vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-3237\n\nIt has been discovered that horde3 is prone to cross-site scripting\nattacks via crafted number preferences or inline MIME text parts when\nusing text/plain as MIME type.\nFor lenny this issue was already fixed, but as an additional security\nprecaution, the display of inline text was disabled in the configuration\nfile.\n\nCVE-2009-3701\n\nIt has been discovered that the horde3 administration interface is prone\nto cross-site scripting attacks due to the use of the PHP_SELF variable.\nThis issue can only be exploited by authenticated administrators.\n\nCVE-2009-4363\n\nIt has been discovered that horde3 is prone to several cross-site\nscripting attacks via crafted data:text/html values in HTML messages.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2+lenny2.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch7.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.3.6+debian0-1.\n\n\nWe recommend that you upgrade your horde3 packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7.dsc\n Size/MD5 checksum: 691 48b9e415b5f6ab912615d4da1fdbf972\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7.diff.gz\n Size/MD5 checksum: 17280 15471b64c8321f477800da4cfe3ff8e4\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz\n Size/MD5 checksum: 5232958 fbc56c608ac81474b846b1b4b7bb5ee7\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7_all.deb\n Size/MD5 checksum: 5282070 b0788ebca983b9059a7fa05ada2de4cb\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2.dsc\n Size/MD5 checksum: 1389 c7d03777a3a09845206364f689752f30\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2.diff.gz\n Size/MD5 checksum: 27993 866df86724501fbd550d5e164e4cdd3c\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0.orig.tar.gz\n Size/MD5 checksum: 7180761 fb22a594bbdad07a0fbeef035a6d2f39\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2_all.deb\n Size/MD5 checksum: 7240984 9298abd370d67b6a4861f015e330d1c5\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2010-01-07T10:33:35", "title": "[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:05", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3701", "CVE-2009-4363", "CVE-2009-3237"], "modified": "2010-01-07T10:33:35", "id": "DEBIAN:DSA-1966-1:8385B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00001.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T15:33:42", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "title": "Horde 3.3.5 - \"PHP_SELF\" XSS vulnerability", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3701"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-67207", "id": "SSV:67207", "sourceData": "\n =============================================\r\nINTERNET SECURITY AUDITORS ALERT 2009-012\r\n- Original release date: October 13th, 2009\r\n- Last revised: December 16th, 2009\r\n- Discovered by: Juan Galiana Lara\r\n- CVE ID: CVE-2009-3701\r\n- Severity: 6.3/10 (CVSS Base Score)\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nHorde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nThe Horde Application Framework is a modular, general-purpose web\r\napplication framework written in PHP. It provides an extensive array\r\nof classes that are targeted at the common problems and tasks involved\r\nin developing modern web applications.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nInput passed to 'PHP_SELF' variable is not properly filtered before\r\nbeing returned to the user. This can be explotied to inject arbitrary\r\nHTML or to execute arbitrary script code in a user's browser session\r\nin context of an affected site. In order to successfully exploit this\r\nvulnerability the targeted user has to be logged as an administrator.\r\n\r\nhorde-3.3.5/admin/cmdshell.php:46:<form action="<?php echo\r\n$_SERVER['PHP_SELF'] ?>" method="post">\r\nhorde-3.3.5/admin/sqlshell.php:29:<form name="sqlshell" action="<?php\r\necho $_SERVER['PHP_SELF'] ?>" method="post">\r\nhorde-3.3.5/admin/phpshell.php:42:<form action="<?php echo\r\n$_SERVER['PHP_SELF'] ?>" method="post">\r\n\r\nIn order to filter the "PHP_SELF" variable, the htmlspecialchars\r\nfunction has to be used, like in\r\n'horde-3.3.5/templates/shares/edit.inc' file:\r\n\r\nhorde-3.3.5/templates/shares/edit.inc:1:<form name="edit"\r\nmethod="post" action="<?php echo\r\nhtmlspecialchars($_SERVER['PHP_SELF']) ?>">\r\n\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\nThis PoC will show an alert with the text "8"\r\n\r\nhttp://site/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nIs possible to execute arbitrary HTML or script code in a targeted\r\nuser's browser. Only works with administration sessions.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nHorde 3.3.5 is vulnerable, others may be affected.\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nUpgrade to version 3.3.6\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.horde.org\r\nhttp://lists.horde.org/archives/announce/2009/000529.html\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered by\r\nJuan Galiana Lara (jgaliana (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n-------------------------\r\nOctober 13, 2009: Initial release\r\nOctober 19, 2009: Added CVE id.\r\nDecember 13, 2009: Revision.\r\nDecember 16, 2009: Las revision.\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nOctober 13, 2009: Vulnerability discovered by\r\n Internet Security Auditors.\r\nOctober 13, 2009: Sent to developers.\r\n The issue is considered hard to exploit and\r\n solution is delayed.\r\nDecember 13, 2009: Second contact for correction plan.\r\nDecember 15, 2009: New release published.\r\nDecember 16, 2009: Sent to public lists.\r\n\r\nXII. LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied "as-is"\r\nwith no warranties or guarantees of fitness of use or otherwise.\r\nInternet Security Auditors accepts no responsibility for any damage\r\ncaused by the use or misuse of this information.\r\n\n ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-67207", "status": "cve,poc"}, {"lastseen": "2017-11-19T18:24:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2009-12-17T00:00:00", "type": "seebug", "title": "Horde 3.3.5 ""PHP_SELF"" XSS vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3701"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-18575", "id": "SSV:18575", "sourceData": "\n =============================================\r\nINTERNET SECURITY AUDITORS ALERT 2009-012\r\n- Original release date: October 13th, 2009\r\n- Last revised: December 16th, 2009\r\n- Discovered by: Juan Galiana Lara\r\n- CVE ID: CVE-2009-3701\r\n- Severity: 6.3/10 (CVSS Base Score)\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nHorde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nThe Horde Application Framework is a modular, general-purpose web\r\napplication framework written in PHP. It provides an extensive array\r\nof classes that are targeted at the common problems and tasks involved\r\nin developing modern web applications.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nInput passed to 'PHP_SELF' variable is not properly filtered before\r\nbeing returned to the user. This can be explotied to inject arbitrary\r\nHTML or to execute arbitrary script code in a user's browser session\r\nin context of an affected site. In order to successfully exploit this\r\nvulnerability the targeted user has to be logged as an administrator.\r\n\r\nhorde-3.3.5/admin/cmdshell.php:46:<form action="<?php echo\r\n$_SERVER['PHP_SELF'] ?>" method="post">\r\nhorde-3.3.5/admin/sqlshell.php:29:<form name="sqlshell" action="<?php\r\necho $_SERVER['PHP_SELF'] ?>" method="post">\r\nhorde-3.3.5/admin/phpshell.php:42:<form action="<?php echo\r\n$_SERVER['PHP_SELF'] ?>" method="post">\r\n\r\nIn order to filter the "PHP_SELF" variable, the htmlspecialchars\r\nfunction has to be used, like in\r\n'horde-3.3.5/templates/shares/edit.inc' file:\r\n\r\nhorde-3.3.5/templates/shares/edit.inc:1:<form name="edit"\r\nmethod="post" action="<?php echo\r\nhtmlspecialchars($_SERVER['PHP_SELF']) ?>">\r\n\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\nThis PoC will show an alert with the text "8"\r\n\r\nhttp://site/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nIs possible to execute arbitrary HTML or script code in a targeted\r\nuser's browser. Only works with administration sessions.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nHorde 3.3.5 is vulnerable, others may be affected.\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nUpgrade to version 3.3.6\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.horde.org\r\nhttp://lists.horde.org/archives/announce/2009/000529.html\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered by\r\nJuan Galiana Lara (jgaliana (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n-------------------------\r\nOctober 13, 2009: Initial release\r\nOctober 19, 2009: Added CVE id.\r\nDecember 13, 2009: Revision.\r\nDecember 16, 2009: Las revision.\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nOctober 13, 2009: Vulnerability discovered by\r\n Internet Security Auditors.\r\nOctober 13, 2009: Sent to developers.\r\n The issue is considered hard to exploit and\r\n solution is delayed.\r\nDecember 13, 2009: Second contact for correction plan.\r\nDecember 15, 2009: New release published.\r\nDecember 16, 2009: Sent to public lists.\r\n\r\nXII. LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied "as-is"\r\nwith no warranties or guarantees of fitness of use or otherwise.\r\nInternet Security Auditors accepts no responsibility for any damage\r\ncaused by the use or misuse of this information.\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-18575", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "status": "poc"}, {"lastseen": "2017-11-19T18:20:24", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 37351\r\nCVE ID: CVE-2009-3701\r\n\r\nHorde Framework\u662f\u4e2a\u4ee5PHP\u4e3a\u57fa\u7840\u7684\u67b6\u6784\uff0c\u7528\u4e8e\u521b\u5efa\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nHorde\u6ca1\u6709\u6b63\u786e\u5730\u8fc7\u6ee4\u7528\u6237\u901a\u8fc7URL\u63d0\u4ea4\u7ed9admin/phpshell.php\u3001admin/cmdshell.php\u548cadmin /sqlshell.php\u7684PHP_SELF\u53c2\u6570\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u63d0\u4ea4\u6076\u610f\u8bf7\u6c42\u6267\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4f1a\u8bdd\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nHorde Horde 3.x\r\nHorde Groupware 1.2.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nHorde\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://ftp.horde.org/pub/horde-webmail/horde-webmail-1.2.5.tar.gz\r\nhttp://ftp.horde.org/pub/horde-groupware/horde-groupware-1.2.5.tar.gz\r\nhttp://ftp.horde.org/pub/horde/horde-3.3.6.tar.gz", "reporter": "Root", "published": "2009-12-23T00:00:00", "title": "Horde\u5e94\u7528\u6846\u67b6\u7ba1\u7406\u754c\u9762PHP_SELF\u53c2\u6570\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3701"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-12-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15130", "id": "SSV:15130", "sourceData": "\n http://site/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\n ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-15130", "status": "poc,details"}], "exploitdb": [{"lastseen": "2016-02-03T19:08:03", "osvdbidlist": ["61304"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Horde 3.3.5 Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS. CVE-2009-3701. Webapps exploit for php platform", "reporter": "Juan Galiana Lara", "published": "2009-12-15T00:00:00", "type": "exploitdb", "title": "Horde <= 3.3.5 Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3701"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2009-12-15T00:00:00", "id": "EDB-ID:33408", "href": "https://www.exploit-db.com/exploits/33408/", "sourceData": "source: http://www.securityfocus.com/bid/37351/info\r\n \r\nHorde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n \r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nThis issue affects versions prior to Horde 3.3.6.\r\n \r\nNote that additional products that use the Horde framework may also be vulnerable. \r\n\r\nhttp://www.example.com/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33408/"}, {"lastseen": "2016-02-03T19:07:56", "osvdbidlist": ["61303"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Horde 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS. CVE-2009-3701. Webapps exploit for php platform", "reporter": "Juan Galiana Lara", "published": "2009-12-15T00:00:00", "type": "exploitdb", "title": "Horde <= 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3701"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2009-12-15T00:00:00", "id": "EDB-ID:33407", "href": "https://www.exploit-db.com/exploits/33407/", "sourceData": "source: http://www.securityfocus.com/bid/37351/info\r\n \r\nHorde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n \r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nThis issue affects versions prior to Horde 3.3.6.\r\n \r\nNote that additional products that use the Horde framework may also be vulnerable. \r\n\r\nhttp://www.example.com/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33407/"}, {"lastseen": "2016-02-03T19:07:49", "osvdbidlist": ["61043"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Horde 3.3.5 Administration Interface admin/phpshell.php PATH_INFO Parameter XSS. CVE-2009-3701. Webapps exploit for php platform", "reporter": "Juan Galiana Lara", "published": "2009-12-15T00:00:00", "type": "exploitdb", "title": "Horde <= 3.3.5 Administration Interface admin/phpshell.php PATH_INFO Parameter XSS", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3701"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2009-12-15T00:00:00", "id": "EDB-ID:33406", "href": "https://www.exploit-db.com/exploits/33406/", "sourceData": "source: http://www.securityfocus.com/bid/37351/info\r\n\r\nHorde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nThis issue affects versions prior to Horde 3.3.6.\r\n\r\nNote that additional products that use the Horde framework may also be vulnerable. \r\n\r\nhttp://www.example.com/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33406/"}, {"lastseen": "2016-02-01T12:38:59", "osvdbidlist": [], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Horde 3.3.5 \"PHP_SELF\" XSS vulnerability. CVE-2009-3701. Webapps exploit for php platform", "reporter": "Juan Galiana Lara", "published": "2009-12-17T00:00:00", "type": "exploitdb", "title": "Horde 3.3.5 - \"PHP_SELF\" XSS Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3701"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2009-12-17T00:00:00", "id": "EDB-ID:10512", "href": "https://www.exploit-db.com/exploits/10512/", "sourceData": "=============================================\r\nINTERNET SECURITY AUDITORS ALERT 2009-012\r\n- Original release date: October 13th, 2009\r\n- Last revised: December 16th, 2009\r\n- Discovered by: Juan Galiana Lara\r\n- CVE ID: CVE-2009-3701\r\n- Severity: 6.3/10 (CVSS Base Score)\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nHorde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nThe Horde Application Framework is a modular, general-purpose web\r\napplication framework written in PHP. It provides an extensive array\r\nof classes that are targeted at the common problems and tasks involved\r\nin developing modern web applications.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nInput passed to 'PHP_SELF' variable is not properly filtered before\r\nbeing returned to the user. This can be explotied to inject arbitrary\r\nHTML or to execute arbitrary script code in a user's browser session\r\nin context of an affected site. In order to successfully exploit this\r\nvulnerability the targeted user has to be logged as an administrator.\r\n\r\nhorde-3.3.5/admin/cmdshell.php:46:<form action=\"<?php echo\r\n$_SERVER['PHP_SELF'] ?>\" method=\"post\">\r\nhorde-3.3.5/admin/sqlshell.php:29:<form name=\"sqlshell\" action=\"<?php\r\necho $_SERVER['PHP_SELF'] ?>\" method=\"post\">\r\nhorde-3.3.5/admin/phpshell.php:42:<form action=\"<?php echo\r\n$_SERVER['PHP_SELF'] ?>\" method=\"post\">\r\n\r\nIn order to filter the \"PHP_SELF\" variable, the htmlspecialchars\r\nfunction has to be used, like in\r\n'horde-3.3.5/templates/shares/edit.inc' file:\r\n\r\nhorde-3.3.5/templates/shares/edit.inc:1:<form name=\"edit\"\r\nmethod=\"post\" action=\"<?php echo\r\nhtmlspecialchars($_SERVER['PHP_SELF']) ?>\">\r\n\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\nThis PoC will show an alert with the text \"8\"\r\n\r\nhttp://site/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\nhttp://site/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid>\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nIs possible to execute arbitrary HTML or script code in a targeted\r\nuser's browser. Only works with administration sessions.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nHorde 3.3.5 is vulnerable, others may be affected.\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nUpgrade to version 3.3.6\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.horde.org\r\nhttp://lists.horde.org/archives/announce/2009/000529.html\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered by\r\nJuan Galiana Lara (jgaliana (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n-------------------------\r\nOctober 13, 2009: Initial release\r\nOctober 19, 2009: Added CVE id.\r\nDecember 13, 2009: Revision.\r\nDecember 16, 2009: Las revision.\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nOctober 13, 2009: Vulnerability discovered by\r\n Internet Security Auditors.\r\nOctober 13, 2009: Sent to developers.\r\n The issue is considered hard to exploit and\r\n solution is delayed.\r\nDecember 13, 2009: Second contact for correction plan.\r\nDecember 15, 2009: New release published.\r\nDecember 16, 2009: Sent to public lists.\r\n\r\nXII. LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied \"as-is\"\r\nwith no warranties or guarantees of fitness of use or otherwise.\r\nInternet Security Auditors accepts no responsibility for any damage\r\ncaused by the use or misuse of this information.\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/10512/"}], "packetstorm": [{"lastseen": "2016-12-05T22:16:33", "references": [], "edition": 1, "description": "", "reporter": "Juan Galiana Lara", "published": "2009-12-17T00:00:00", "type": "packetstorm", "title": "Horde 3.3.5 Cross Site Scripting", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3701"], "modified": "2009-12-17T00:00:00", "href": "https://packetstormsecurity.com/files/84003/Horde-3.3.5-Cross-Site-Scripting.html", "id": "PACKETSTORM:84003", "sourceData": "`============================================= \nINTERNET SECURITY AUDITORS ALERT 2009-012 \n- Original release date: October 13th, 2009 \n- Last revised: December 16th, 2009 \n- Discovered by: Juan Galiana Lara \n- CVE ID: CVE-2009-3701 \n- Severity: 6.3/10 (CVSS Base Score) \n============================================= \n \nI. VULNERABILITY \n------------------------- \nHorde 3.3.5 \"PHP_SELF\" Cross-Site Scripting vulnerability \n \nII. BACKGROUND \n------------------------- \nThe Horde Application Framework is a modular, general-purpose web \napplication framework written in PHP. It provides an extensive array \nof classes that are targeted at the common problems and tasks involved \nin developing modern web applications. \n \nIII. DESCRIPTION \n------------------------- \nInput passed to 'PHP_SELF' variable is not properly filtered before \nbeing returned to the user. This can be explotied to inject arbitrary \nHTML or to execute arbitrary script code in a user's browser session \nin context of an affected site. In order to successfully exploit this \nvulnerability the targeted user has to be logged as an administrator. \n \nhorde-3.3.5/admin/cmdshell.php:46:<form action=\"<?php echo \n$_SERVER['PHP_SELF'] ?>\" method=\"post\"> \nhorde-3.3.5/admin/sqlshell.php:29:<form name=\"sqlshell\" action=\"<?php \necho $_SERVER['PHP_SELF'] ?>\" method=\"post\"> \nhorde-3.3.5/admin/phpshell.php:42:<form action=\"<?php echo \n$_SERVER['PHP_SELF'] ?>\" method=\"post\"> \n \nIn order to filter the \"PHP_SELF\" variable, the htmlspecialchars \nfunction has to be used, like in \n'horde-3.3.5/templates/shares/edit.inc' file: \n \nhorde-3.3.5/templates/shares/edit.inc:1:<form name=\"edit\" \nmethod=\"post\" action=\"<?php echo \nhtmlspecialchars($_SERVER['PHP_SELF']) ?>\"> \n \nIV. PROOF OF CONCEPT \n------------------------- \nThis PoC will show an alert with the text \"xss\" \n \nhttp://site/horde-3.3.5/admin/phpshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid> \nhttp://site/horde-3.3.5/admin/cmdshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid> \nhttp://site/horde-3.3.5/admin/sqlshell.php/%22%3E%3Cscript%3Ealert%288%29;%3C/script%3E%3Cform%20/?Horde=<sessid> \n \nV. BUSINESS IMPACT \n------------------------- \nIs possible to execute arbitrary HTML or script code in a targeted \nuser's browser. Only works with administration sessions. \n \nVI. SYSTEMS AFFECTED \n------------------------- \nHorde 3.3.5 is vulnerable, others may be affected. \n \nVII. SOLUTION \n------------------------- \nUpgrade to version 3.3.6 \n \nVIII. REFERENCES \n------------------------- \nhttp://www.horde.org \nhttp://lists.horde.org/archives/announce/2009/000529.html \nhttp://www.isecauditors.com \n \nIX. CREDITS \n------------------------- \nThis vulnerability has been discovered by \nJuan Galiana Lara (jgaliana (at) isecauditors (dot) com). \n \nX. REVISION HISTORY \n------------------------- \nOctober 13, 2009: Initial release \nOctober 19, 2009: Added CVE id. \nDecember 13, 2009: Revision. \nDecember 16, 2009: Las revision. \n \nXI. DISCLOSURE TIMELINE \n------------------------- \nOctober 13, 2009: Vulnerability discovered by \nInternet Security Auditors. \nOctober 13, 2009: Sent to developers. \nThe issue is considered hard to exploit and \nsolution is delayed. \nDecember 13, 2009: Second contact for correction plan. \nDecember 15, 2009: New release published. \nDecember 16, 2009: Sent to public lists. \n \nXII. LEGAL NOTICES \n------------------------- \nThe information contained within this advisory is supplied \"as-is\" \nwith no warranties or guarantees of fitness of use or otherwise. \nInternet Security Auditors accepts no responsibility for any damage \ncaused by the use or misuse of this information. \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/84003/horde-xss.txt"}], "gentoo": [{"lastseen": "2016-09-06T19:46:59", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3236", "https://bugs.gentoo.org/show_bug.cgi?id=285052", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3237"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.4", "packageName": "www-apps/horde-groupware", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.3.5", "packageName": "www-apps/horde", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.4", "packageName": "www-apps/horde-webmail", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nHorde is a web application framework written in PHP. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Horde: \n\n * Stefan Esser of Sektion1 reported an error within the form library when handling image form fields (CVE-2009-3236).\n * Martin Geisler and David Wharton reported that an error exists in the MIME viewer library when viewing unknown text parts and the preferences system in services/prefs.php when handling number preferences (CVE-2009-3237).\n\n### Impact\n\nA remote authenticated attacker could exploit these vulnerabilities to overwrite arbitrary files on the server, provided that the user has write permissions. A remote authenticated attacker could conduct Cross-Site Scripting attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Horde users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-3.3.5\"\n\nAll Horde webmail users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-webmail-1.2.4\"\n\nAll Horde groupware users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/horde-groupware-1.2.4\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2009-11-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "gentoo", "title": "Horde: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3236", "CVE-2009-3237"], "modified": "2009-11-06T00:00:00", "id": "GLSA-200911-01", "href": "https://security.gentoo.org/glsa/200911-01", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}