Executive Summary
Summary | |
---|---|
Title | php-horde-form security update |
Information | | | |
---|---|---|---|
Name | DSA-4468 | First vendor Publication | 2019-06-21 |
Vendor | Debian | Last vendor Modification | 2019-06-21 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
CVSS vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | | | |
---|---|---|---|
CVSS Base Score | 6.5 | Attack Range | Network |
CVSS Impact Score | 6.4 | Attack Complexity | Low |
CVSS Exploit Score | 8 | Authentication | Requires single instance |
Detail
A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.

For the stable distribution (stretch), this problem has been fixed in version 2.0.15-1+deb9u1.

We recommend that you upgrade your php-horde-form packages.

For the detailed security status of php-horde-form please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-horde-form
Original Source
URL : http://www.debian.org/security/2019/dsa-4468
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 2 |
Os | | 2 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-05-09 | Horde Groupware Webmail Contact Management add.php arbitrary PHP file upload ... RuleID : 49714 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Information |
---|---|
2019-06-21 13:18:36 | |