CVE-2001-1258

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
http://online.securityfocus.com/archive/1/198495
http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt	Vendor Advisory
http://www.debian.org/security/2001/dsa-073	Exploit Patch Vendor Advisory
http://www.iss.net/security_center/static/6906.php
http://www.securityfocus.com/bid/3083

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:horde:imp:2.0:::::::*
	cpe:2.3:a:horde:imp:2.2:::::::*
	cpe:2.3:a:horde:imp:2.2.1:::::::*
	cpe:2.3:a:horde:imp:2.2.2:::::::*
	cpe:2.3:a:horde:imp:2.2.3:::::::*
	cpe:2.3:a:horde:imp:2.2.4:::::::*
	cpe:2.3:a:horde:imp:2.2.5:::::::*

History

No history.

Information

Published : 2001-07-21 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2001-1258

Mitre link : CVE-2001-1258

CVE.ORG link : CVE-2001-1258

JSON object : View

Products Affected

horde

imp

CWE

NVD-CWE-Other

{"id": "CVE-2001-1258", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-07-21T04:00:00.000", "references": [{"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410", "source": "cve@mitre.org"}, {"url": "http://online.securityfocus.com/archive/1/198495", "source": "cve@mitre.org"}, {"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2001/dsa-073", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/6906.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3083", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server."}], "lastModified": "2011-03-08T02:07:04.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D2A8C5B-6155-4B40-B8C8-B4944064E3DF"}, {"criteria": "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D11E08A4-79D6-46FE-880F-66E9778C298E"}, {"criteria": "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55A3894F-2E3F-49CA-BEE5-759D603F6EAD"}, {"criteria": "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDDBDC41-7E6F-4C97-95BD-7DEB2D9FE837"}, {"criteria": "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B52D447-8E56-4E04-9650-38D222DA8D2C"}, {"criteria": "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C455353-0401-4975-89BC-C23D32A684F0"}, {"criteria": "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D9D9E1-D8B7-4A56-BC2F-90BDC97322B5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}