Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.0
CVE Id CVE-2008-1284
Last Modified 07 Mar 2011 10:06:27
Published 10 Mar 2008 08:44:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-1284

Summary

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.

Vulnerable Systems

Application

  • Horde 3.1.6

  • Horde Groupware 1.0.4

  • Horde Groupware Webmail Edition 1.0.5


References

BID - 28153

MLIST - [announce] 20080307 Horde 3.1.7 (final)

FEDORA - FEDORA-2008-2406

FEDORA - FEDORA-2008-2362

XF - horde-theme-file-include(41054)

VUPEN - ADV-2008-0822

BUGTRAQ - 20080308 Re: Horde Webmail file inclusion proof of concept & patch.

BUGTRAQ - 20080307 Horde Webmail file inclusion proof of concept & patch.

DEBIAN - DSA-1519

SREASON - 3726

GENTOO - GLSA-200805-01

SECUNIA - 30047

SECUNIA - 29400

SECUNIA - 29374

SECUNIA - 29286

MLIST - [announce] 20080307 Horde Groupware Webmail Edition 1.0.6 (final)

MLIST - [announce] 20080307 Horde Groupware 1.0.5 (final)


Last Updated: 27 May 2016 10:47:06