Debian Security Advisory DSA 2278-1 (horde3) Network Vulnerability

Summary

The remote host is missing an update to horde3 announced via advisory DSA 2278-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202278-1

Insight

It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery. For the oldstable distribution (lenny), these problems have been fixed in version 3.2.2+debian0-2+lenny3. For the stable distribution (squeeze), these problems have been fixed in version 3.3.8+debian0-2, which was already included in the squeeze release. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 3.3.8+debian0-2. We recommend that you upgrade your horde3 packages.

Severity

Classification

CVE CVE-2010-3077, CVE-2010-3694

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1140-1 (gnupg)
Debian Security Advisory DSA 036-1 (mc)
Debian Security Advisory DSA 1141-1 (gnupg2)
Debian Security Advisory DSA 1096-1 (webcalendar)
Debian Security Advisory DSA 062-1 (rxvt)

Take action and discover your vulnerabilities