| VID |
21870 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Horde Application Framework contains a command execution vulnerability in the help viewer. Horde Application Framework is a Web application framework written in PHP. Versions 3.0 prior to 3.0.10, and versions prior to 3.1.1, could allow a remote attacker to execute commands on the system because the help viewer improperly validates the module parameter. A remote attacker could exploit this vulnerability to execute arbitrary commands on the affected system with the privileges of the Web server process.
* References:
  * http://lists.horde.org/archives/announce/2006/000272.html
  * http://lists.horde.org/archives/announce/2006/000271.html
  * http://www.frsirt.com/english/advisories/2006/1154
* Platforms Affected:
  * Horde Project, Horde versions prior to 3.0.10
  * Horde Project, Horde versions prior to 3.1.1
  * Any operating system, any version |
| Recommendation |
Upgrade to the latest version of Horde Application Framework (3.0.10 or 3.1.1 or later) or apply the patches, available from the Horde Web site at http://www.horde.org/horde/ |
| Related URL |
CVE-2006-1491 (CVE) |
| Related URL |
17292 (SecurityFocus) |
| Related URL |
25516 (ISS) |
|