CVE-2006-2195
CVSS6.8
发布时间 :2006-06-15 06:02:00
修订时间 :2011-03-07 21:35:31
NMCOPS    

[原文]Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.


[CNNVD]horde 多个跨站脚本攻击漏洞(CNNVD-200606-310)

        horde 3 (horde3) 3.1.1之前版本存在跨站脚本攻击(XSS)漏洞。远程攻击者可以借助(1) templates/problem/problem.inc和(2) test.php注入任意Web脚本或HTML。

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:horde:horde:3.0.4
cpe:/a:horde:horde:3.0.2
cpe:/a:horde:horde:3.0
cpe:/a:horde:horde:3.0.8
cpe:/a:horde:horde:3.0.4_rc2
cpe:/a:horde:horde:3.0.3
cpe:/a:horde:horde:3.0.6
cpe:/a:horde:horde:3.0.7
cpe:/a:horde:horde:3.0.4_rc1
cpe:/a:horde:horde:3.0.9
cpe:/a:horde:horde:3.0.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2195
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2195
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-310
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2006/dsa-1098
(VENDOR_ADVISORY)  DEBIAN  DSA-1098
http://xforce.iss.net/xforce/xfdb/27168
(UNKNOWN)  XF  horde-test-problem-xss(27168)
http://www.vupen.com/english/advisories/2006/2356
(UNKNOWN)  VUPEN  ADV-2006-2356
http://www.securityfocus.com/bid/18436
(UNKNOWN)  BID  18436
http://www.osvdb.org/26514
(UNKNOWN)  OSVDB  26514
http://www.osvdb.org/26513
(UNKNOWN)  OSVDB  26513
http://www.novell.com/linux/security/advisories/2006_16_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:016
http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml
(UNKNOWN)  GENTOO  GLSA-200606-28
http://securitytracker.com/id?1016310
(UNKNOWN)  SECTRACK  1016310
http://secunia.com/advisories/20960
(UNKNOWN)  SECUNIA  20960
http://secunia.com/advisories/20849
(VENDOR_ADVISORY)  SECUNIA  20849
http://secunia.com/advisories/20750
(VENDOR_ADVISORY)  SECUNIA  20750
http://secunia.com/advisories/20672
(VENDOR_ADVISORY)  SECUNIA  20672
http://secunia.com/advisories/20661
(UNKNOWN)  SECUNIA  20661
http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt
(UNKNOWN)  MISC  http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt
http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
(UNKNOWN)  CONFIRM  http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc
http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146
(UNKNOWN)  CONFIRM  http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146
http://bugs.gentoo.org/show_bug.cgi?id=136830
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=136830

- 漏洞信息

horde 多个跨站脚本攻击漏洞
中危 跨站脚本
2006-06-15 00:00:00 2007-08-13 00:00:00
远程  
        horde 3 (horde3) 3.1.1之前版本存在跨站脚本攻击(XSS)漏洞。远程攻击者可以借助(1) templates/problem/problem.inc和(2) test.php注入任意Web脚本或HTML。

- 公告与补丁

        暂无数据

- 漏洞信息 (F47557)

Debian Linux Security Advisory 1099-1 (PacketStormID:F47557)
2006-06-21 00:00:00
Debian  debian.org
advisory,web,xss
linux,debian
CVE-2006-2195
[点击下载]

Debian Security Advisory 1099-1 - Michael Marek discovered that the Horde web application framework performs insufficient input sanitising, which might lead to the injection of web script code through cross-site scripting.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1099-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
June 14h, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : horde2
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-2195

Michael Marek discovered that the Horde web application framework performs
insufficient input sanitising, which might lead to the injection of web
script code through cross-site scripting.

The old stable distribution (woody) does not contain horde3 packages.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.8-1sarge3.

The unstable distribution (sid) does no longer contain horde2 packages.

We recommend that you upgrade your horde2 package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge3.dsc
      Size/MD5 checksum:      575 b4a9b2a7a94bed813b2e827850dcba6a
    http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge3.diff.gz
      Size/MD5 checksum:    39898 4c3c63114431c7f5a41548e35af5dff6
    http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz
      Size/MD5 checksum:   683005 89961af4e4488a908147d7b3a0dc3b44

  Architecture independent components:

    http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge3_all.deb
      Size/MD5 checksum:   721460 9902f0e379cccfa8cc6da1e16375379c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEkGxsXm3vHE4uyloRAgnkAKCg2ibgVFPJXRd2V4auL2H7U+FOqgCghNKw
NTsMarixuBEmWASzZyk/P5E=
=ffvi
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F47556)

Debian Linux Security Advisory 1098-1 (PacketStormID:F47556)
2006-06-21 00:00:00
Debian  debian.org
advisory,web,xss
linux,debian
CVE-2006-2195
[点击下载]

Debian Security Advisory 1098-1 - Michael Marek discovered that the Horde web application framework performs insufficient input sanitising, which might lead to the injection of web script code through cross-site scripting.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1098-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
June 14th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : horde3
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-2195

Michael Marek discovered that the Horde web application framework performs
insufficient input sanitising, which might lead to the injection of web
script code through cross-site scripting.

The old stable distribution (woody) does not contain horde3 packages.

For the stable distribution (sarge) this problem has been fixed in
version 3.0.4-4sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 3.1.1-3.

We recommend that you upgrade your horde3 package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge4.dsc
      Size/MD5 checksum:      628 736efdacbeb3dc6963c79a48a43f49bd
    http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge4.diff.gz
      Size/MD5 checksum:    12114 faaa734a691a552c451fc67359119280
    http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
      Size/MD5 checksum:  3378143 e2221d409ba1c8841ce4ecee981d7b61

  Architecture independent components:

    http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge4_all.deb
      Size/MD5 checksum:  3436798 2c57d60ccb9e4493384212ea69f9fada


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEkGqQXm3vHE4uyloRAjQKAJ9RMl64IbN4kvdAk5SIadfWvTqO6gCgoj+v
JEHx+Fj1rXVmc9zZHlcFltI=
=JQvH
-----END PGP SIGNATURE-----

    

- 漏洞信息

26513
Horde test.php url Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- 漏洞描述

Horde contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'url' variable upon submission to the test.php script when the 'mode' variable is set to the value 'phpinfo' or 'filetest'. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2006-03-30 Unknow
2006-06-15 Unknow

- 解决方案

Debian users should upgrade to the version recommended by the distribution as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. For other users currently there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities
Input Validation Error 18436
Yes No
2006-06-14 12:00:00 2006-07-17 05:13:00
Michael Marek is credited with the discovery of these vulnerabilities.

- 受影响的程序版本

SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Enterprise Server 9
Horde Project Horde 3.0.4 -RC 2
Horde Project Horde 3.0.4 -RC 1
Horde Project Horde 3.0.4
Horde Project Horde 2.2.8
Gentoo www-apps/horde 3.1.1 r1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

Horde is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

- 漏洞利用

Attackers exploit these issues by enticing a victim to follow a malicious link that includes hostile HTML and script code.

- 解决方案

The vendor has released patches to address these issues; please see the advisory section for details.

mailto:vuldb@securityfocus.com


Horde Project Horde 2.2.8

Horde Project Horde 3.0.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站