4.3 - CVE-2009-2360

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2009-2360	First vendor Publication	2009-07-08
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2360

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13021

Oval ID:	oval:org.mitre.oval:def:13021
Title:	DSA-1829-1 sork-passwd-h3 -- insufficient input sanitising
Description:	It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. For the oldstable distribution, this problem has been fixed in version 3.0-2+etch1. For the stable distribution, this problem has been fixed in version 3.0-2+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.1-1.1. We recommend that you upgrade your sork-passwd-h3 packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1829-1 CVE-2009-2360	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	sork-passwd-h3
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND sork-passwd-h3 DPKG is earlier than 3.0-2+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND sork-passwd-h3 DPKG is earlier than 3.0-2+etch1

Definition Id: oval:org.mitre.oval:def:13657

Oval ID:	oval:org.mitre.oval:def:13657
Title:	DSA-1829-2 sork-passwd-h3 -- insufficient input sanitising
Description:	The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. For reference the original advisory text is below. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. For the oldstable distribution, this problem has been fixed in version 3.0-2+etch2. For the stable distribution, this problem has been fixed in version 3.0-2+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 3.1-1.2. We recommend that you upgrade your sork-passwd-h3 packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1829-2 CVE-2009-2360	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	sork-passwd-h3
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND sork-passwd-h3 DPKG is earlier than 3.0-2+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND sork-passwd-h3 DPKG is earlier than 3.0-2+etch2

Definition Id: oval:org.mitre.oval:def:8025

Oval ID:	oval:org.mitre.oval:def:8025
Title:	DSA-1829 sork-passwd-h3 -- insufficient input sanitising
Description:	It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.
Family:	unix	Class:	patch
Reference(s):	DSA-1829 CVE-2009-2360	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	sork-passwd-h3
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND sork-passwd-h3 is earlier than 3.0-2+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND sork-passwd-h3 is earlier than 3.0-2+etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Horde Passwd cpe:2.3:a:horde:passwd:2.2.2:::::::* cpe:2.3:a:horde:passwd:2.2.1:::::::* cpe:2.3:a:horde:passwd:2.2:::::::* cpe:2.3:a:horde:passwd:2.1:::::::* cpe:2.3:a:horde:passwd:2.0:::::::*	5

OpenVAS Exploits

Date	Description
2009-09-15	Name : Gentoo Security Advisory GLSA 200909-14 (horde horde-imp horde-passwd) File : nvt/glsa_200909_14.nasl
2009-07-29	Name : Debian Security Advisory DSA 1829-1 (sork-passwd-h3) File : nvt/deb_1829_1.nasl
2009-07-29	Name : Debian Security Advisory DSA 1829-2 (sork-passwd-h3) File : nvt/deb_1829_2.nasl
2009-07-29	Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl
2009-07-29	Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl
2009-07-29	Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
55665	Passwd Module for Horde passwd/main.php backend Parameter XSS Passwd Module for Horde contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the back-end parameter upon submission to the passwd/main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Description

55665

Passwd Module for Horde passwd/main.php backend Parameter XSS

Passwd Module for Horde contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the back-end parameter upon submission to the passwd/main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Nessus® Vulnerability Scanner

Date	Description
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1829.nasl - Type : ACT_GATHER_INFO
2009-09-14	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-14.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://bugs.horde.org/ticket/8398
http://lists.horde.org/archives/announce/2009/000507.html
http://secunia.com/advisories/35720
http://secunia.com/advisories/35769
http://www.debian.org/security/2009/dsa-1829
http://www.securityfocus.com/bid/35573
http://www.vupen.com/english/advisories/2009/1784
https://exchange.xforce.ibmcloud.com/vulnerabilities/51542

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:10:54	Multiple Updates
2024-11-28 12:19:21	Multiple Updates
2021-05-04 12:09:47	Multiple Updates
2021-04-22 01:10:07	Multiple Updates
2020-05-23 01:40:36	Multiple Updates
2020-05-23 00:24:00	Multiple Updates
2017-08-17 09:22:38	Multiple Updates
2016-04-26 18:57:13	Multiple Updates
2014-02-17 10:50:40	Multiple Updates
2013-05-10 23:53:39	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	5
Sources(s)	8
osvdb(s)	1
Openvas Exploit(s)	6
Nessus® Exploit(s)	2

	Related
6.4	GLSA-200909-14
4.3	DSA-1829
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)