CVE-2008-1284: Path Traversal
First published: Tue Mar 11 2008(Updated: )
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde | =3.1.6 | |
| Horde Groupware Webmail Edition | <=1.0.4 | |
| Horde Groupware | <=1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.horde.org/archives/announce/2008/000383.html
- http://lists.horde.org/archives/announce/2008/000384.html
- http://lists.horde.org/archives/announce/2008/000382.html
- http://www.securityfocus.com/bid/28153
- http://secunia.com/advisories/29286
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html
- http://secunia.com/advisories/29374
- http://www.debian.org/security/2008/dsa-1519
- http://secunia.com/advisories/29400
- http://securityreason.com/securityalert/3726
- http://security.gentoo.org/glsa/glsa-200805-01.xml
- http://secunia.com/advisories/30047
- http://www.vupen.com/english/advisories/2008/0822/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41054
- http://www.securityfocus.com/archive/1/489289/100/0/threaded
- http://www.securityfocus.com/archive/1/489239/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-1284?
CVE-2008-1284 has a medium severity rating due to the potential for unauthorized file access by authenticated users.
How do I fix CVE-2008-1284?
To fix CVE-2008-1284, upgrade to Horde Groupware versions 1.0.5 or later and Horde 3.1.6 or later.
Which versions are affected by CVE-2008-1284?
CVE-2008-1284 affects Horde 3.1.6, Groupware versions before 1.0.5, and Groupware Webmail Edition versions before 1.0.6.
Can CVE-2008-1284 be exploited remotely?
Yes, CVE-2008-1284 can be exploited remotely by authenticated users to access arbitrary files.
What configurations increase the risk of CVE-2008-1284?
Certain configurations that allow for directory traversal using ".." sequences increase the risk of CVE-2008-1284.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/horde
- canonical/horde
- version/horde/3.1.6
- canonical/horde groupware webmail edition
- version/horde groupware webmail edition/1.0.4
- canonical/horde groupware
- version/horde groupware/1.0.5