Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-3549 | First vendor Publication | 2006-07-12 |
Vendor | Cve | Last vendor Modification | 2018-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3549 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for horde File : nvt/sles9p5017209.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1406-1 (horde3) File : nvt/deb_1406_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
27032 | Horde go.php url Parameter XSS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1406.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_horde-1868.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote web server contains a PHP script that is affected by multiple cros... File : horde_url_xss.nasl - Type : ACT_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:04:18 |
|
2021-04-22 01:04:56 |
|
2020-05-23 00:18:05 |
|
2018-10-18 21:20:14 |
|
2016-04-26 14:50:59 |
|
2014-02-17 10:36:27 |
|
2013-05-11 11:03:04 |
|