CVE-2006-3549

2006-07-1300:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.013

Percentile

85.7%

JSON

services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and
3.1.0 through 3.1.1 does not properly restrict its image proxy capability,
which allows remote attackers to perform “Web tunneling” attacks and use
the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url
parameter, which is requested from the server.

OSVersionArchitecturePackageVersionFilename
ubuntu6.10noarchhorde3< 3.1.3-1UNKNOWN
ubuntu7.04noarchhorde3< 3.1.3-1UNKNOWN
ubuntu7.10noarchhorde3< 3.1.3-1UNKNOWN
ubuntu8.04noarchhorde3< 3.1.3-1UNKNOWN
ubuntu8.10noarchhorde3< 3.1.3-1UNKNOWN
ubuntu9.04noarchhorde3< 3.1.3-1UNKNOWN
ubuntu9.10noarchhorde3< 3.1.3-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.10	noarch	horde3	< 3.1.3-1	UNKNOWN
ubuntu	7.04	noarch	horde3	< 3.1.3-1	UNKNOWN
ubuntu	7.10	noarch	horde3	< 3.1.3-1	UNKNOWN
ubuntu	8.04	noarch	horde3	< 3.1.3-1	UNKNOWN
ubuntu	8.10	noarch	horde3	< 3.1.3-1	UNKNOWN
ubuntu	9.04	noarch	horde3	< 3.1.3-1	UNKNOWN
ubuntu	9.10	noarch	horde3	< 3.1.3-1	UNKNOWN