CVE-2017-7413: OS Command Injection
First published: Tue Apr 04 2017(Updated: )
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Groupware Webmail Edition | <=5.2.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7413?
CVE-2017-7413 is classified as a high severity vulnerability due to its potential exploitation through OS command injection.
How do I fix CVE-2017-7413?
To fix CVE-2017-7413, upgrade Horde_Crypt to version 2.7.6 or later and ensure your Horde Groupware Webmail Edition is updated beyond version 5.2.17.
Who is affected by CVE-2017-7413?
CVE-2017-7413 affects authenticated Horde Webmail users who have PGP features enabled in their preferences.
What types of attacks are possible with CVE-2017-7413?
CVE-2017-7413 allows attackers to execute OS commands on the server by exploiting the email encryption feature.
What are the implications of CVE-2017-7413?
Exploiting CVE-2017-7413 can lead to unauthorized access and control over the server hosting the affected Horde Groupware installation.
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- vendor/horde
- canonical/horde groupware webmail edition
- version/horde groupware webmail edition/5.2.17