CVE-2006-3549

{"id": "CVE-2006-3549", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-13T00:05:00.000", "references": [{"url": "http://lists.horde.org/archives/announce/2006/000287.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://lists.horde.org/archives/announce/2006/000288.html", "source": "cve@mitre.org"}, {"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20954", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21459", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27565", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1229", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016442", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1406", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18845", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2694", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server."}, {"lang": "es", "value": "services/go.php en Horde Application Framework 3.0.0 hasta la 3.0.10 y 3.1.0 hasta la 3.1.1 no restringe de forma adecuada su capacidad de imagen de proxy, lo cual permite a atacantes remotos llevar a cabo ataques \"Web tunneling\" y utilizar el servidor como un proxy a trav\u00e9s de la URL (1) http, (2) https, y (3) ftp en el par\u00e1metro URL, el cual es respondido desde el servidor."}], "lastModified": "2018-10-18T16:47:55.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76A5CF62-60DD-4EA7-A6C3-2061548EF1B1"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35F504EE-6F8F-4623-9F44-9A1D866DE269"}, {"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}