CVE-2006-3549

critical

Description

services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via an (1) http, (2) https, or (3) ftp URL supplied in the url parameter, which the server then requests on the attacker's behalf.

References

http://www.vupen.com/english/advisories/2006/2694

http://www.securityfocus.com/archive/1/439255/100/0/threaded

http://www.novell.com/linux/security/advisories/2006_19_sr.html

http://www.debian.org/security/2007/dsa-1406

http://securityreason.com/securityalert/1229

http://secunia.com/advisories/27565

http://secunia.com/advisories/21459

http://secunia.com/advisories/20954

http://lists.horde.org/archives/announce/2006/000288.html

http://lists.horde.org/archives/announce/2006/000287.html

Details

Source: Mitre, NVD

Published: 2006-07-13

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical