Check Point Advisories

Update Protection against Horde Help Viewer Vulnerability

Check Point Reference: CPAI-2006-076
Date Published: 5 Jul 2006
Severity: Medium
Last Updated: Tuesday 15 May, 2007
Source: FrSIRT/ADV-2006-1154
Industry Reference:CVE-2006-1491
Protection Provided by:
Who is Vulnerable? Horde versions prior to 3.1.1
Horde versions prior to 3.0.10
Vulnerability Description The Horde Application Framework is a modular, general-purpose web application framework written in PHP. A vulnerability has been identified in Horde Application Framework, which may be exploited by attackers to compromise a vulnerable web server.
Update/Patch AvaliableUpgrade to Horde version 3.1.1 or 3.0.10, or apply patches :
http://ftp.horde.org/pub/horde/
Vulnerability DetailsThis flaw is due to input validation errors in the help viewer that does not validate certain variables. Remote attackers can exploit this to execute arbitrary commands with the privileges of the web server.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK