Executive Summary

Summary
Titlephp-horde-form security update
Informations
NameDSA-4468First vendor Publication2019-06-21
VendorDebianLast vendor Modification2019-06-21
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score6.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.

For the stable distribution (stretch), this problem has been fixed in version 2.0.15-1+deb9u1.

We recommend that you upgrade your php-horde-form packages.

For the detailed security status of php-horde-form please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-horde-form

Original Source

Url : http://www.debian.org/security/2019/dsa-4468

CWE : Common Weakness Enumeration

%idName
100 %CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2

Snort® IPS/IDS

DateDescription
2019-05-09Horde Groupware Webmail Contact Management add.php arbitrary PHP file upload ...
RuleID : 49714 - Revision : 1 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-06-21 13:18:36
  • First insertion