Lucene search

Ubuntu.comUB:CVE-2009-3701

HistoryDec 21, 2009 - 12:00 a.m.

CVE-2009-3701

2009-12-2100:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.033 Low

EPSS

Percentile

91.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the administration
interface in Horde Application Framework before 3.3.6, Horde Groupware
before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote
attackers to inject arbitrary web script or HTML via the PATH_INFO to (1)
phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to
the PHP_SELF variable.

OSVersionArchitecturePackageVersionFilename
ubuntu9.04noarchhorde3< 3.2.2+debian0-2+lenny2build0.9.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.04	noarch	horde3	< 3.2.2+debian0-2+lenny2build0.9.04.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2009-3701

nvd.nist.gov/vuln/detail/CVE-2009-3701

security-tracker.debian.org/tracker/CVE-2009-3701

www.cve.org/CVERecord?id=CVE-2009-3701

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.033 Low

EPSS

Percentile

91.2%

JSON

Related for UB:CVE-2009-3701