| VID |
21864 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Horde Application Framework is vulnerable to a file disclosure vulnerability via the 'url' parameter. Horde Application Framework is an Web application framework written in PHP. Horde Application Framework version 3.0.9 and possibly other versions could allow a remote attacker to read arbitrary files, caused by improper filtering of user-supplied input passed to the 'url' parameter of the 'services/go.php' script. By sending a specially-crafted HTTP GET request to the 'services/go.php' script containing a NULL byte character within the 'url' parameter, a remote attacker could read arbitrary files on the affected system.
* References:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html
http://cvs.horde.org/diff.php?r1=1.15&r2=1.16&ty=h&f=horde%2Fservices%2Fgo.php
http://secunia.com/advisories/19246/
* Platforms Affected:
Horde Project, Horde version 3.0.9 and possibly other versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Horde Application Framework (3.1 or later), available from the Horde Web site at http://www.horde.org/horde/ |
| Related URL |
CVE-2006-1260 (CVE) |
| Related URL |
17117 (SecurityFocus) |
| Related URL |
25239 (ISS) |
|
