Debian Security Advisory DSA 1519-1 (horde3) Network Vulnerability

Summary

The remote host is missing an update to horde3 announced via advisory DSA 1519-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201519-1

Insight

It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. The old stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge7. For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch3. For the unstable distribution (sid) this problem has been fixed in version 3.1.7-1. We recommend that you upgrade your horde3 package.

Severity

Classification

CVE CVE-2008-1284
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1077-1 (lynx-ssl)
Debian Security Advisory DSA 1154-1 (squirrelmail)
Debian Security Advisory DSA 1102-1 (pinball)
Debian Security Advisory DSA 052-1 (sendfile)
Debian Security Advisory DSA 103-1 (glibc)

Take action and discover your vulnerabilities