CVE-2006-3549

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2006-3548, CVE-2006-4256, CVE-2007-1473, CVE-2007-1474

Published on 13/07/06 - Updated on 18/10/18

Description

services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2006-3549
Renater 2007/VULN431

Exploits

SecurityFocusBID-18845

Relative technologies

VendorProduct
hordehorde_application_framework

Share this vulnerability with:

Twitter Facebook LinkedIn Mail