Horde Framework Login.PHP Cross-Site Scripting Vulnerability
BID:22984
Info
Horde Framework Login.PHP Cross-Site Scripting Vulnerability
| Bugtraq ID: | 22984 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1473 CVE-2007-1474 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2007 12:00AM |
| Updated: | Nov 15 2007 12:38AM |
| Credit: | Moritz Naumann reported this issue. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SuSE Suse Linux Enterprise Desktop 10 SuSE Linux Openexchange Server SuSE Linux Enterprise Server 9 SuSE Linux Enterprise Server 10 SuSE Linux Desktop 1.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Office Server S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 10.2 X86 64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 10.2 X86 64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server Horde Project Horde 3.1.3 Horde Project Horde 3.1.2 Horde Project Horde 3.1.1 Horde Project Horde 3.0.11 Horde Project Horde 3.0.10 Horde Project Horde 3.0.9 Horde Project Horde 3.0.8 Horde Project Horde 3.0.7 Horde Project Horde 3.0.6 Horde Project Horde 3.0.4 -RC 2 Horde Project Horde 3.0.4 -RC 1 Horde Project Horde 3.0.4 Horde Project Horde 3.0.3 Horde Project Horde 3.0.2 Horde Project Horde 3.0.1 Horde Project Horde 3.0 Horde Project Horde 2.2.9 Horde Project Horde 2.2.8 Horde Project Horde 2.2.7 Horde Project Horde 2.2.6 Horde Project Horde 2.2.5 Horde Project Horde 2.2.4 -RC1 Horde Project Horde 2.2.4 Horde Project Horde 2.2.3 Horde Project Horde 2.2.1 Horde Project Horde 2.2 Horde Project Horde 2.1.3 Horde Project Horde 2.1 Horde Project Horde 2.0 Horde Project Horde 1.2.8 Horde Project Horde 1.2.7 Horde Project Horde 1.2.6 Horde Project Horde 1.2.5 Horde Project Horde 1.2.4 Horde Project Horde 1.2.3 Horde Project Horde 1.2.2 Horde Project Horde 1.2.1 Horde Project Horde 1.2 Horde Project Horde 3.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: |
Horde Project Horde 3.1.4 |
Discussion
Horde Framework Login.PHP Cross-Site Scripting Vulnerability
Horde Framework is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
This issue affects versions prior to 3.1.4.
Horde Framework is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
This issue affects versions prior to 3.1.4.
Exploit / POC
Horde Framework Login.PHP Cross-Site Scripting Vulnerability
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
The following proof of concept is available:
http://www.example.com/horde/[Horde_App]/login.php?new_lang=[xss]
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
The following proof of concept is available:
http://www.example.com/horde/[Horde_App]/login.php?new_lang=[xss]
Solution / Fix
Horde Framework Login.PHP Cross-Site Scripting Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
Horde Framework Login.PHP Cross-Site Scripting Vulnerability
References:
References:
- [announce] Horde 3.1.4 (final) (Horde Homepage)
- Pandora Homepage (Pandora FMS Team)
- Horde 3.1.4 (RC1) fixes XSS issue ([email protected])