CVE-2006-3549

2006-07-1300:05:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.013

Percentile

85.7%

JSON

services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform “Web tunneling” attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.

Affected configurations

Nvd

Node

hordehorde_application_frameworkMatch3.0.0

hordehorde_application_frameworkMatch3.0.1

hordehorde_application_frameworkMatch3.0.2

hordehorde_application_frameworkMatch3.0.3

hordehorde_application_frameworkMatch3.0.4

hordehorde_application_frameworkMatch3.0.5

hordehorde_application_frameworkMatch3.0.6

hordehorde_application_frameworkMatch3.0.7

hordehorde_application_frameworkMatch3.0.8

hordehorde_application_frameworkMatch3.0.9

hordehorde_application_frameworkMatch3.0.10

hordehorde_application_frameworkMatch3.1.0

hordehorde_application_frameworkMatch3.1.1

VendorProductVersionCPE
hordehorde_application_framework3.0.0cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*
hordehorde_application_framework3.0.1cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*
hordehorde_application_framework3.0.2cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*
hordehorde_application_framework3.0.3cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*
hordehorde_application_framework3.0.4cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*
hordehorde_application_framework3.0.5cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*
hordehorde_application_framework3.0.6cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*
hordehorde_application_framework3.0.7cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*
hordehorde_application_framework3.0.8cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*
hordehorde_application_framework3.0.9cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
horde	horde_application_framework	3.0.0	cpe:2.3:a:horde:horde_application_framework:3.0.0:::::::*
horde	horde_application_framework	3.0.1	cpe:2.3:a:horde:horde_application_framework:3.0.1:::::::*
horde	horde_application_framework	3.0.2	cpe:2.3:a:horde:horde_application_framework:3.0.2:::::::*
horde	horde_application_framework	3.0.3	cpe:2.3:a:horde:horde_application_framework:3.0.3:::::::*
horde	horde_application_framework	3.0.4	cpe:2.3:a:horde:horde_application_framework:3.0.4:::::::*
horde	horde_application_framework	3.0.5	cpe:2.3:a:horde:horde_application_framework:3.0.5:::::::*
horde	horde_application_framework	3.0.6	cpe:2.3:a:horde:horde_application_framework:3.0.6:::::::*
horde	horde_application_framework	3.0.7	cpe:2.3:a:horde:horde_application_framework:3.0.7:::::::*
horde	horde_application_framework	3.0.8	cpe:2.3:a:horde:horde_application_framework:3.0.8:::::::*
horde	horde_application_framework	3.0.9	cpe:2.3:a:horde:horde_application_framework:3.0.9:::::::*