FKIE_CVE-2008-1284

Vulnerability from fkie_nvd - Published: 2008-03-11 00:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.
References
cve@mitre.orghttp://lists.horde.org/archives/announce/2008/000382.htmlPatch
cve@mitre.orghttp://lists.horde.org/archives/announce/2008/000383.html
cve@mitre.orghttp://lists.horde.org/archives/announce/2008/000384.html
cve@mitre.orghttp://secunia.com/advisories/29286Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29374Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29400Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30047Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200805-01.xml
cve@mitre.orghttp://securityreason.com/securityalert/3726
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1519
cve@mitre.orghttp://www.securityfocus.com/archive/1/489239/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/489289/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/28153Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0822/references
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/41054
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html
af854a3a-2127-422b-91ae-364da2661108http://lists.horde.org/archives/announce/2008/000382.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.horde.org/archives/announce/2008/000383.html
af854a3a-2127-422b-91ae-364da2661108http://lists.horde.org/archives/announce/2008/000384.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29286Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29374Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29400Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30047Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200805-01.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3726
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1519
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/489239/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/489289/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28153Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0822/references
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41054
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html
Impacted products
Vendor Product Version
horde groupware *
horde groupware_webmail_edition *
horde horde 3.1.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:groupware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FCA87DD-0549-4B2F-B1F4-46632258A059",
              "versionEndIncluding": "1.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:groupware_webmail_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77138B08-A680-4FEC-873F-6E25B05D44CB",
              "versionEndIncluding": "1.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:horde:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "93944D77-B65B-48F4-9334-8FC9B1D96F53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via \"..\" sequences and a null byte in the theme name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en Horde 3.1.6, Groupware anterior 1.0.5, y Groupware Webmail Edition anterior 1.0.6, cuando ejecuta ciertas configuraciones, pertmite a usuarios autenticados remotamente leer y ejecutar ficheros de su elecci\u00f3n a trav\u00e9s de secuencias \"..\" y de byte nulo en el mismo \"theme name\"."
    }
  ],
  "id": "CVE-2008-1284",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-11T00:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2008/000382.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.horde.org/archives/announce/2008/000383.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.horde.org/archives/announce/2008/000384.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29286"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29374"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29400"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30047"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3726"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1519"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0822/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.horde.org/archives/announce/2008/000382.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.horde.org/archives/announce/2008/000383.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.horde.org/archives/announce/2008/000384.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489239/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489289/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0822/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00253.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00301.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.