CERTA-2008-AVI-323
Vulnerability from certfr_avis

Vulnerabilities in Horde allow cross-site scripting attacks.

Description

Several vulnerabilities have been discovered in Horde. They allow cross-site scripting attacks. Some of them require prior authentication.

Solution

Refer to the vendor's security bulletins to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Horde N/A Horde Groupware Webmail Edition version 1.1.
Horde N/A Horde Groupware Webmail Edition versions 1.0.6 and earlier;
Horde N/A Horde version 3.2;
Horde N/A Horde Groupware version 1.1;
Horde N/A Horde Groupware versions 1.0.5 and earlier;
Horde N/A Horde versions 3.1.7 and earlier;



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Horde Groupware Webmail Edition version 1.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupware Webmail Edition versions 1.0.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde version 3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupware version 1.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde Groupware versions 1.0.5 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    },
    {
      "description": "Horde versions 3.1.7 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Horde",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Horde. Celles-ci\npermettent de r\u00e9aliser des attaques de type cross-site scripting.\nCertaines n\u00e9cessitent de s\u0027\u00eatre authentifi\u00e9 au pr\u00e9alable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2008-06-17T00:00:00",
  "last_revision_date": "2008-06-27T00:00:00",
  "links": [
    {
      "title": "Annonce de la version 1.0.7 de Horde    Groupware Webmail Edition du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000418.html"
    },
    {
      "title": "Annonce de la version 1.1.1 de Horde    Groupware du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000419.html"
    },
    {
      "title": "Annonce de la version 1.1.1 de Horde    Groupware Webmail Edition du 14 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000420.html"
    },
    {
      "title": "Annonce de la version 3.2.1 de Horde du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000416.html"
    },
    {
      "title": "Annonce de la version 3.1.8 de Horde du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000415.html"
    },
    {
      "title": "Annonce de la version 1.0.6 de Horde    Groupware du 13 juin 2008 :",
      "url": "http://lists.horde.org/archives/announce/2008/000417.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora 9 FEDORA-2008-5683 du 25 juin    2008 :",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2008-June/msg00954.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora 8 FEDORA-2008-5691 du 25 juin    2008 :",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2008-June/msg00959.html"
    }
  ],
  "reference": "CERTA-2008-AVI-323",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-17T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Fedora.",
      "revision_date": "2008-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eHorde\u003c/span\u003e permettent de\nr\u00e9aliser des attaques de type \u003cspan class=\"textit\"\u003ecross-site\nscripting\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Horde",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces des nouvelles versions de Horde du 13 juin 2008",
      "url": null
    }
  ]
}

