Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Vulnerability Assessment Details
Horde url Parameter File Disclosure Vulnerability
Tries to read arbitrary files using Horde

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP application that is affected by an information disclosure flaw.

Description :

The version of Horde installed on the remote host fails to validate input to the 'url' parameter of the 'services/go.php' script before using it to read files and return their contents. An unauthenticated attacker may be able to leverage this issue to retrieve the contents of arbitrary files on the affected host subject to the rights of the web server user id. This can result in the disclosure of authentication credentials used by the affected application as well as other sensitive information.

Note that successful exploitation of this issue seems to require that PHP's 'magic_quotes_gpc' be disabled, although this has not been confirmed by the vendor.

See also :

http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html
http://cvs.horde.org/diff.php?r1=1.15&r2=1.16&ty=h&f=horde%2Fservices%2Fgo.php

Solution :

Upgrade to Horde 3.1 or later.

Network Security Threat Level: Low / CVSS Base Score : 2.3 (AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)

Networks Security ID: 17117

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
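A log review check for the issue described above, as an added example (not Tenable's plugin and not Horde code): it flags requests to 'services/go.php' whose 'url' parameter is not an absolute http(s) URL. The Apache combined log format, the constructed sample lines, and the heuristic itself (that legitimate use of go.php passes an external http(s) URL) are assumptions, since the page does not describe the request shape.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed Apache "combined" log format; only the fields used here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, placeholder file path).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2006:10:00:01 +0000] "GET /horde/services/go.php'
    '?url=http%3A%2F%2Fexample.org%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2006:10:02:13 +0000] "GET /horde/services/go.php'
    '?url=%2Fpath%2Fto%2Flocal%2Ffile HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [10/Mar/2006:10:03:00 +0000] "GET /horde/index.php'
    '?url=%2Fignored HTTP/1.1" 200 100 "-" "-"',
]

def _is_http_url(value):
    """True only for an absolute http(s) URL with a host part."""
    try:
        target = urlsplit(value)
    except ValueError:          # malformed netloc, e.g. a broken IPv6 literal
        return False
    return target.scheme.lower() in ("http", "https") and bool(target.netloc)

def suspicious_go_requests(lines):
    """Return (ip, timestamp, status, url_value) for go.php requests whose
    'url' parameter is not an absolute http(s) URL or carries a NUL byte."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # not in the assumed log format
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith("/services/go.php"):
            continue            # only the script named in the advisory
        # parse_qs percent-decodes, so encoded values are compared decoded.
        for value in parse_qs(parts.query, keep_blank_values=True).get("url", []):
            if not _is_http_url(value) or "\x00" in value:
                hits.append((m["ip"], m["ts"], int(m["status"]), value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_go_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request answered with status 200 and a non-empty body is the one to review first, since the advisory describes the script returning file contents.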