Vulnerability CVE-2009-4363 - CERT Civis.Net

Vulnerability Name:

CVE-2009-4363 (CCN-54817)

Assigned:

2009-12-15

Published:

2009-12-15

Updated:

2019-06-18

Summary:

Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message.
Note: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CONFIRM
Type: Exploit
http://bugs.horde.org/ticket/8715

Source: CONFIRM
Type: Exploit
http://bugs.horde.org/view.php?actionID=view_file&type=patch&file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch&ticket=8715

Source: MITRE
Type: CNA
CVE-2009-4363

Source: CONFIRM
Type: UNKNOWN
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h

Source: MLIST
Type: Patch
[announce] 20091215 Horde 3.3.6 (final)

Source: CCN
Type: horde-announce Mailing List, 2009-12-15 18:24:01
Horde 3.3.6 (final)

Source: MLIST
Type: Patch
[announce] 20091216 Horde Groupware 1.2.5 (final)

Source: CCN
Type: horde-announce
Horde Groupware Webmail Edition 1.2.5 (final)

Source: MLIST
Type: Patch
[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)

Source: CCN
Type: SA37709
Horde Application Framework "PHP_SELF" Cross-Site Scripting Vulnerabilities

Source: CCN
Type: SA37823
Horde Groupware / Groupware Webmail Edition Cross-Site Scripting Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1023365
Horde Application Framework Input Validation Flaw in Administrator Scripts Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1023365

Source: DEBIAN
Type: DSA-1966
horde3 -- insufficient input sanitising

Source: CCN
Type: The Horde Project Web site
The Horde Project

Source: CCN
Type: OSVDB ID: 61338
Horde Xss.php Filter Bypass data:// URI XSS

Source: CCN
Type: BID-37351
Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
horde-admininterface-xss(54817)

Source: SUSE
Type: SUSE-SR:2010:004
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:horde:application_framework:2.0:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.1:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.2:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.2.4_rc1:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:2.2.6:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.1:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.2:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.2.3:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.2.4:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.3:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.3.1:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.3.2:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.3.3:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:3.3.4:*:*:*:*:*:*:*

OR cpe:/a:horde:application_framework:*:*:*:*:*:*:*:* (Version <= 3.3.5)

OR cpe:/a:horde:groupware:1.0:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2:rc1:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:*:*:*:*:*:*:*:* (Version <= 1.2.4)

Configuration 2:

cpe:/a:horde:groupware:1.0:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0:rc1:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0:rc2:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1:rc1:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1:rc2:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1:rc3:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1:rc4:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2:rc1:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:horde:groupware:1.2.3:rc1:*:*:*:*:*:*

OR cpe:/a:horde:groupware:*:*:*:*:*:*:*:* (Version <= 1.2.4)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20094363	V	CVE-2009-4363	2015-11-16
oval:org.mitre.oval:def:12635	P	DSA-1966-1 horde3 -- insufficient input sanitising	2014-07-21
oval:org.mitre.oval:def:7069	P	DSA-1966 horde3 -- insufficient input sanitising	2014-06-23
oval:org.debian:def:1966	V	insufficient input sanitising	2010-01-07