| Vulnerability Name: | CVE-2009-0932 (CCN-48286) | ||||||||||||||||||||
| Assigned: | 2009-01-27 | ||||||||||||||||||||
| Published: | 2009-01-27 | ||||||||||||||||||||
| Updated: | 2011-09-22 | ||||||||||||||||||||
| Summary: | Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N) 4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-22 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2009-0932 Source: CONFIRM Type: Vendor Advisory http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 Source: CONFIRM Type: Vendor Advisory http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5 Source: CONFIRM Type: Vendor Advisory http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503 Source: CCN Type: announce Mailing List, Tue Jan 27 15:09:41 UTC 2009 Horde 3.3.3 (final) Source: MLIST Type: Vendor Advisory [announce] 20090127 Horde 3.3.3 (final) Source: CCN Type: announce Mailing List, Tue Jan 27 15:17:52 UTC 2009 Horde 3.2.4 (final) Source: MLIST Type: Vendor Advisory [announce] 20090127 Horde 3.2.4 (final) Source: CCN Type: announce Mailing List, Tue Jan 27 17:37:00 UTC 2009 Horde Groupware 1.1.5 (final) Source: MLIST Type: Vendor Advisory [announce] 20090127 Horde Groupware 1.1.5 (final) Source: SUSE Type: UNKNOWN SUSE-SR:2009:007 Source: CCN Type: SA33695 Horde / Horde Groupware Cross-Site Scripting and File Inclusion Vulnerability Source: SECUNIA Type: Vendor Advisory 33695 Source: SECUNIA Type: UNKNOWN 34418 Source: SECUNIA Type: UNKNOWN 34609 Source: SREASON Type: UNKNOWN 8077 Source: DEBIAN Type: DSA-1765 horde3 -- Multiple vulnerabilities Source: CCN Type: Horde Web site The Horde Project Source: CCN Type: OSVDB ID: 51887 Horde Multiple Products framework/Image/Image.php Horde_ImageDriver Name Traversal Local File Inclusion Source: BID Type: UNKNOWN 33491 Source: CCN Type: BID-33491 Horde Products Local File Include and Cross Site Scripting Vulnerabilities Source: XF Type: UNKNOWN horde-image-file-include(48286) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [02-11-2011] Source: SUSE Type: SUSE-SR:2009:007 SUSE Security Summary Report | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||