Debian Security Advisory DSA 1519-1 (horde3) Network Vulnerability

Summary

The remote host is missing an update to horde3 announced via advisory DSA 1519-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201519-1

Insight

It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. The old stable distribution (sarge) this problem has been fixed in version 3.0.4-4sarge7. For the stable distribution (etch) this problem has been fixed in version 3.1.3-4etch3. For the unstable distribution (sid) this problem has been fixed in version 3.1.7-1. We recommend that you upgrade your horde3 package.

Severity

Classification

CVE CVE-2008-1284

CVSS	Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1121-1 (postgrey)
Debian Security Advisory DSA 1066-1 (phpbb2)
Debian Security Advisory DSA 1102-1 (pinball)
Debian Security Advisory DSA 077-1 (squid)
Debian Security Advisory DSA 1141-1 (gnupg2)

Take action and discover your vulnerabilities