|
Family: CGI abuses --> Category: attack
Horde url Parameter File Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to read arbitrary files using Horde
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
an information disclosure flaw.
Description :
The version of Horde installed on the remote host fails to validate
input to the 'url' parameter of the 'services/go.php' script before
using it to read files and return their contents. An unauthenticated
attacker may be able to leverage this issue to retrieve the contents
of arbitrary files on the affected host subject to the rights of
the web server user id. This can result in the disclosure of
authentication credentials used by the affected application as well as
other sensitive information.
Note that successful exploitation of this issue seems to require that
PHP's 'magic_quotes_gpc' be disabled, although this has not been
confirmed by the vendor.
See also :
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html
http://cvs.horde.org/diff.php?r1=1.15&r2=1.16&ty=h&f=horde%2Fservices%2Fgo.php
Solution :
Upgrade to Horde 3.1 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|