First published: Thu Jul 13 2006(Updated: )
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Horde Horde Application Framework | =3.0.0 | |
Horde Horde Application Framework | =3.0.4 | |
Horde Horde Application Framework | =3.1.0 | |
Horde Horde Application Framework | =3.0.5 | |
Horde Horde Application Framework | =3.0.10 | |
Horde Horde Application Framework | =3.0.1 | |
Horde Horde Application Framework | =3.1.1 | |
Horde Horde Application Framework | =3.0.8 | |
Horde Horde Application Framework | =3.0.3 | |
Horde Horde Application Framework | =3.0.6 | |
Horde Horde Application Framework | =3.0.9 | |
Horde Horde Application Framework | =3.0.7 | |
Horde Horde Application Framework | =3.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.