Horde Groupware Source Packages Backdoor Vulnerability Network Vulnerability

Summary

Horde Groupware is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application. Successful attacks will compromise the affected application. Horde Groupware versions 1.2.10 between November 2, 2011, and February 7, 2012, are vulnerable.

Solution

The vendor released an update. Please see the references for details.

References

http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/
http://git.horde.org/diff.php/groupware/docs/groupware/CHANGES?rt=horde&r1=1.38.2.16&r2=1.38.2.17&ty=h%27
http://lists.horde.org/archives/announce/2012/000749.html
http://lists.horde.org/archives/announce/2012/000750.html
http://lists.horde.org/archives/announce/2012/000751.html
http://www.securityfocus.com/bid/51989

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0209
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Avenger's News System Command Execution
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
Allegro RomPager `Misfortune Cookie` Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14

Take action and discover your vulnerabilities