Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.
References
Configurations
History
08 Aug 2024, 14:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-219 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
Information
Published : 2002-12-31 05:00
Updated : 2024-08-08 14:35
NVD link : CVE-2002-2024
Mitre link : CVE-2002-2024
CVE.ORG link : CVE-2002-2024
JSON object : View
Products Affected
horde
- imp
CWE