CVE-2006-3549
Published Jul 13, 2006
Last updated 6 years ago
Overview
- Description
- services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76A5CF62-60DD-4EA7-A6C3-2061548EF1B1"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA0A882D-9BEB-4A3C-9371-69260374E0B6"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A17E3AFB-849F-463D-96E8-686B049F48DC"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "047563A7-5F6A-4DE2-8518-88E4E6EEB7D1"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78356C5F-A76E-4CB1-894D-0D882A665096"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0405EC4-12DA-4F15-A5B0-799D399C759E"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1C1DE26-E7B2-4A4E-9F6D-4206F7BC5EBD"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6ED629B0-A214-47B5-9767-B47AFB154AFD"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C07F450D-6DF4-48F2-8776-E791BCBD469A"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE5B2E87-5A29-4EF8-8BCC-1E5AE28BE6EC"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C55F4BF3-EFA5-4E58-A32C-7DF7F00B74CD"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35F504EE-6F8F-4623-9F44-9A1D866DE269"
},
{
"criteria": "cpe:2.3:a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17003C82-B711-496C-A2D4-0CC5FB2DCAC8"
}
],
"operator": "OR"
}
]
}
]