5
CVE-2006-3549
- EPSS 2.35%
- Veröffentlicht 13.07.2006 00:05:00
- Zuletzt bearbeitet 16.06.2026 22:27:17
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Horde ≫ Horde Application Framework Version3.0.0
Horde ≫ Horde Application Framework Version3.0.1
Horde ≫ Horde Application Framework Version3.0.2
Horde ≫ Horde Application Framework Version3.0.3
Horde ≫ Horde Application Framework Version3.0.4
Horde ≫ Horde Application Framework Version3.0.5
Horde ≫ Horde Application Framework Version3.0.6
Horde ≫ Horde Application Framework Version3.0.7
Horde ≫ Horde Application Framework Version3.0.8
Horde ≫ Horde Application Framework Version3.0.9
Horde ≫ Horde Application Framework Version3.0.10
Horde ≫ Horde Application Framework Version3.1.0
Horde ≫ Horde Application Framework Version3.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.35% | 0.815 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/21459
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://lists.horde.org/archives/announce/2006/000287.html
http://lists.horde.org/archives/announce/2006/000288.html
http://moritz-naumann.com/adv/0011/hordemulti/0011.txt
http://secunia.com/advisories/20954
http://secunia.com/advisories/27565
http://securityreason.com/securityalert/1229
http://securitytracker.com/id?1016442
http://www.debian.org/security/2007/dsa-1406
http://www.securityfocus.com/archive/1/439255/100/0/threaded
http://www.securityfocus.com/bid/18845
http://www.vupen.com/english/advisories/2006/2694