Summary
Horde Groupware is prone to a backdoor vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Successful attacks will compromise the affected application.
Horde Groupware version 1.2.10 is vulnerable for the period between November 2, 2011, and February 7, 2012.
Solution
The vendor released an update. Please see the references for details.
References
- http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/
- http://git.horde.org/diff.php/groupware/docs/groupware/CHANGES?rt=horde&r1=1.38.2.16&r2=1.38.2.17&ty=h%27
- http://lists.horde.org/archives/announce/2012/000749.html
- http://lists.horde.org/archives/announce/2012/000750.html
- http://lists.horde.org/archives/announce/2012/000751.html
- http://www.securityfocus.com/bid/51989
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-0209
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)