cnvd - cnvd-2015-07682

CNVD-2015-07682

Vulnerability from cnvd - Published: 2015-11-20

Title

Horde Groupware跨站请求伪造漏洞

Description

Horde Groupware是一个免费的，企业级的，基于浏览器的协作套件。 Horde Groupware存在跨站请求伪造漏洞。由于在“/admin/cmdshell.php”,“/admin/sqlshell.php”,“/admin/phpshell.php”脚本未能正确验证的HTTP请求的来源，允许远程攻击者可以欺骗一个登录的管理员访问一个恶意网页，CSRF攻击并在服务器上执行任意系统命令，执行任意SQL查询的应用程序的数据库。

Severity

中

Patch Name

Horde Groupware跨站请求伪造漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://lists.horde.org/archives/announce/2015/001137.html

Reference

https://www.htbridge.com/advisory/HTB23272

Impacted products

Name
Horde Horde Groupware <= 5.2.10

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "77650"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7984"
    }
  },
  "description": "Horde Groupware\u662f\u4e00\u4e2a\u514d\u8d39\u7684\uff0c\u4f01\u4e1a\u7ea7\u7684\uff0c\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u534f\u4f5c\u5957\u4ef6\u3002\r\n\r\nHorde Groupware\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u7531\u4e8e\u5728\u201c/admin/cmdshell.php\u201d,\u201c/admin/sqlshell.php\u201d,\u201c/admin/phpshell.php\u201d\u811a\u672c\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7684HTTP\u8bf7\u6c42\u7684\u6765\u6e90\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u6b3a\u9a97\u4e00\u4e2a\u767b\u5f55\u7684\u7ba1\u7406\u5458\u8bbf\u95ee\u4e00\u4e2a\u6076\u610f\u7f51\u9875\uff0cCSRF\u653b\u51fb\u5e76\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\uff0c\u6267\u884c\u4efb\u610fSQL\u67e5\u8be2\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u6570\u636e\u5e93\u3002",
  "discovererName": "High-Tech Bridge Security Research Lab",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://lists.horde.org/archives/announce/2015/001137.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07682",
  "openTime": "2015-11-20",
  "patchDescription": "Horde Groupware\u662f\u4e00\u4e2a\u514d\u8d39\u7684\uff0c\u4f01\u4e1a\u7ea7\u7684\uff0c\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u534f\u4f5c\u5957\u4ef6\u3002\r\n\r\nHorde Groupware\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u7531\u4e8e\u5728\u201c/admin/cmdshell.php\u201d,\u201c/admin/sqlshell.php\u201d,\u201c/admin/phpshell.php\u201d\u811a\u672c\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u7684HTTP\u8bf7\u6c42\u7684\u6765\u6e90\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u6b3a\u9a97\u4e00\u4e2a\u767b\u5f55\u7684\u7ba1\u7406\u5458\u8bbf\u95ee\u4e00\u4e2a\u6076\u610f\u7f51\u9875\uff0cCSRF\u653b\u51fb\u5e76\u5728\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\uff0c\u6267\u884c\u4efb\u610fSQL\u67e5\u8be2\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u6570\u636e\u5e93\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Horde Groupware\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Horde Horde Groupware \u003c= 5.2.10"
  },
  "referenceLink": "https://www.htbridge.com/advisory/HTB23272",
  "serverity": "\u4e2d",
  "submitTime": "2015-11-18",
  "title": "Horde Groupware\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2015-7984 (GCVE-0-2015-7984)

Vulnerability from cvelistv5 – Published: 2015-11-19 20:00 – Updated: 2024-08-06 08:06

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.horde.org/archives/announce/2015/001…	mailing-listx_refsource_MLIST
	http://lists.horde.org/archives/announce/2015/001…	mailing-listx_refsource_MLIST
	https://www.exploit-db.com/exploits/38765/	exploitx_refsource_EXPLOIT-DB
	http://www.debian.org/security/2015/dsa-3391	vendor-advisoryx_refsource_DEBIAN
	http://lists.horde.org/archives/announce/2015/001…	mailing-listx_refsource_MLIST
	https://www.htbridge.com/advisory/HTB23272	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2015/001124.html"
          },
          {
            "name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2015/001138.html"
          },
          {
            "name": "38765",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/38765/"
          },
          {
            "name": "DSA-3391",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3391"
          },
          {
            "name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.horde.org/archives/announce/2015/001137.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2015/001124.html"
        },
        {
          "name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2015/001138.html"
        },
        {
          "name": "38765",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/38765/"
        },
        {
          "name": "DSA-3391",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3391"
        },
        {
          "name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.horde.org/archives/announce/2015/001137.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[announce] 20151021 [SECURITY] Horde 5.2.8 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2015/001124.html"
            },
            {
              "name": "[announce] 20151022 [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2015/001138.html"
            },
            {
              "name": "38765",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/38765/"
            },
            {
              "name": "DSA-3391",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3391"
            },
            {
              "name": "[announce] 20151022 [SECURITY] Horde Groupware 5.2.11 (final)",
              "refsource": "MLIST",
              "url": "http://lists.horde.org/archives/announce/2015/001137.html"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23272",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7984",
    "datePublished": "2015-11-19T20:00:00",
    "dateReserved": "2015-10-26T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-07682

CVE-2015-7984 (GCVE-0-2015-7984)

Tags

Sightings

Nomenclature