Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title New horde3 packages fix cross-site scripting
Informations
Name DSA-1966 First vendor Publication 2010-01-07
Vendor Debian Last vendor Modification 2010-01-07
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3237

It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file.

CVE-2009-3701

It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators.

CVE-2009-4363

It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages.

For the stable distribution (lenny), these problems have been fixed in version 3.2.2+debian0-2+lenny2.

For the oldstable distribution (etch), these problems have been fixed in version 3.1.3-4etch7.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 3.3.6+debian0-1.

We recommend that you upgrade your horde3 packages.

Original Source

Url : http://www.debian.org/security/2010/dsa-1966

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12635
 
Oval ID: oval:org.mitre.oval:def:12635
Title: DSA-1966-1 horde3 -- insufficient input sanitising
Description: Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3237 It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file. CVE-2009-3701 It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators. CVE-2009-4363 It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages. For the stable distribution, these problems have been fixed in version 3.2.2+debian0-2+lenny2. For the oldstable distribution, these problems have been fixed in version 3.1.3-4etch7. For the testing distribution and the unstable distribution, these problems have been fixed in version 3.3.6+debian0-1. We recommend that you upgrade your horde3 packages.
Family: unix Class: patch
Reference(s): DSA-1966-1
CVE-2009-3237
CVE-2009-3701
CVE-2009-4363
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): horde3
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7069
 
Oval ID: oval:org.mitre.oval:def:7069
Title: DSA-1966 horde3 -- insufficient input sanitising
Description: Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text parts when using text/plain as MIME type. For lenny this issue was already fixed, but as an additional security precaution, the display of inline text was disabled in the configuration file. It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators. It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages.
Family: unix Class: patch
Reference(s): DSA-1966
CVE-2009-3237
CVE-2009-3701
CVE-2009-4363
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): horde3
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 33
Application 33
Application 10
Application 9

ExploitDB Exploits

id Description
2009-12-17 Horde 3.3.5 "PHP_SELF" XSS vulnerability

OpenVAS Exploits

Date Description
2010-04-06 Name : Fedora Update for horde FEDORA-2010-5483
File : nvt/gb_fedora_2010_5483_horde_fc11.nasl
2010-04-06 Name : Fedora Update for horde FEDORA-2010-5520
File : nvt/gb_fedora_2010_5520_horde_fc12.nasl
2010-01-11 Name : Debian Security Advisory DSA 1966-1 (horde3)
File : nvt/deb_1966_1.nasl
2009-11-11 Name : Gentoo Security Advisory GLSA 200911-01 (horde horde-webmail horde-groupware)
File : nvt/glsa_200911_01.nasl
2009-09-15 Name : FreeBSD Ports: horde-base
File : nvt/freebsd_horde-base0.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61338 Horde Xss.php Filter Bypass data:// URI XSS
61304 Horde Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS
61303 Horde Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS
61043 Horde Administration Interface admin/phpshell.php PATH_INFO Parameter XSS
58109 Horde Application Framework Numeric Preference Type XSS

Horde Application Framework contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate numeric preference types upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
58108 Horde Application Framework MIME Viewer Text Part Rendering XSS

Horde Application Framework contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unknown text parts upon submission to the MIME viewer. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5483.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5520.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5563.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1966.nasl - Type : ACT_GATHER_INFO
2010-02-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_horde-100210.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-01.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:29:07
  • Multiple Updates