CERTA-2008-AVI-323

Vulnerability from certfr_avis

Vulnerabilities in Horde allow cross-site scripting attacks.

Description

Several vulnerabilities have been discovered in Horde. They allow cross-site scripting attacks. Some of them require prior authentication.

Solution

Refer to the vendor's security bulletins to obtain the patches (see the Documentation section).

Impacted products

Vendor | Product | Description
Horde | N/A | Horde Groupware Webmail Edition version 1.1
Horde | N/A | Horde Groupware Webmail Edition versions 1.0.6 and earlier
Horde | N/A | Horde version 3.2
Horde | N/A | Horde Groupware version 1.1
Horde | N/A | Horde Groupware versions 1.0.5 and earlier
Horde | N/A | Horde versions 3.1.7 and earlier


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Horde Groupware Webmail Edition version 1.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupware Webmail Edition versions 1.0.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde version 3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupware version 1.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupware versions 1.0.5 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde versions 3.1.7 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Horde. Celles-ci\npermettent de r\u00e9aliser des attaques de type cross-site scripting.\nCertaines n\u00e9cessitent de s\u0027\u00eatre authentifi\u00e9 au pr\u00e9alable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Annonce de la version 1.0.7 de Horde    Groupware Webmail Edition du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000418.html"
    },
    {
      "title": "Annonce de la version 1.1.1 de Horde    Groupware du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000419.html"
    },
    {
      "title": "Annonce de la version 1.1.1 de Horde    Groupware Webmail Edition du 14 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000420.html"
    },
    {
      "title": "Annonce de la version 3.2.1 de Horde du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000416.html"
    },
    {
      "title": "Annonce de la version 3.1.8 de Horde du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000415.html"
    },
    {
      "title": "Annonce de la version 1.0.6 de Horde    Groupware du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000417.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora 9 FEDORA-2008-5683 du 25 juin    2008 :",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2008-June/msg00954.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora 8 FEDORA-2008-5691 du 25 juin    2008 :",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2008-June/msg00959.html"
    }
  ],
  "reference": "CERTA-2008-AVI-323",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-17T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Fedora.",
      "revision_date": "2008-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eHorde\u003c/span\u003e permettent de\nr\u00e9aliser des attaques de type \u003cspan class=\"textit\"\u003ecross-site\nscripting\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Horde",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces des nouvelles versions de Horde du 13 juin 2008",
      "url": null
    }
  ]
}

