oval:org.mitre.oval:def:7069

Definition Id: oval:org.mitre.oval:def:7069
 
Oval ID: oval:org.mitre.oval:def:7069
Title: DSA-1966 horde3 -- insufficient input sanitising
Description: Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file. It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators. It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages.
Family: unix Class: patch
Reference(s): DSA-1966
CVE-2009-3237
CVE-2009-3701
CVE-2009-4363
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): horde3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6513
 
Oval ID: oval:org.mitre.oval:def:6513
Title: Debian GNU/Linux 5.0 is installed
Description: Debian GNU/Linux 5.0 (lenny) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:5.0
 Version: 7
Platform(s): Debian GNU/Linux 5.0
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:7069
Definition Id: oval:org.mitre.oval:def:6461
 
Oval ID: oval:org.mitre.oval:def:6461
Title: Debian GNU/Linux 4.0 is installed.
Description: Debian GNU/Linux 4.0 (etch) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:4.0
 Version: 9
Platform(s): Debian GNU/Linux 4.0
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:7069