How can I help you? Start Chat

US Phone: 1-866-488-6691
International Phone: +44-2036087492

  • E-Mail
  • Facebook
  • LinkedIn
  • Twitter

Check Point Advisories

Update Protection against Horde Help Viewer Vulnerability

Check Point Reference: CPAI-2006-076
Date Published: 5 Jul 2006
Severity: Medium
Last Updated: 15 May 2007
Source: FrSIRT/ADV-2006-1154
Industry Reference:CVE-2006-1491
Protection Provided by:
Who is Vulnerable? Horde versions prior to 3.1.1
Horde versions prior to 3.0.10
Vulnerability Description The Horde Application Framework is a modular, general-purpose web application framework written in PHP. A vulnerability has been identified in Horde Application Framework, which may be exploited by attackers to compromise a vulnerable web server.
Update/Patch AvaliableUpgrade to Horde version 3.1.1 or 3.0.10, or apply patches :
http://ftp.horde.org/pub/horde/
Vulnerability DetailsThis flaw is due to input validation errors in the help viewer that does not validate certain variables. Remote attackers can exploit this to execute arbitrary commands with the privileges of the web server.

Protection Overview