CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
85.7%
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and
3.1.0 through 3.1.1 does not properly restrict its image proxy capability,
which allows remote attackers to perform “Web tunneling” attacks and use
the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url
parameter, which is requested from the server.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.10 | noarch | horde3 | < 3.1.3-1 | UNKNOWN |
ubuntu | 7.04 | noarch | horde3 | < 3.1.3-1 | UNKNOWN |
ubuntu | 7.10 | noarch | horde3 | < 3.1.3-1 | UNKNOWN |
ubuntu | 8.04 | noarch | horde3 | < 3.1.3-1 | UNKNOWN |
ubuntu | 8.10 | noarch | horde3 | < 3.1.3-1 | UNKNOWN |
ubuntu | 9.04 | noarch | horde3 | < 3.1.3-1 | UNKNOWN |
ubuntu | 9.10 | noarch | horde3 | < 3.1.3-1 | UNKNOWN |