CVE-2001-1258

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.debian.org/security/2001/dsa-073	Exploit Patch Vendor Advisory
http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt	Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
http://www.iss.net/security_center/static/6906.php
http://www.securityfocus.com/bid/3083
http://online.securityfocus.com/archive/1/198495

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:horde:imp:2.0:::::::*
	cpe:2.3:a:horde:imp:2.2:::::::*
	cpe:2.3:a:horde:imp:2.2.5:::::::*
	cpe:2.3:a:horde:imp:2.2.3:::::::*
	cpe:2.3:a:horde:imp:2.2.4:::::::*
	cpe:2.3:a:horde:imp:2.2.1:::::::*
	cpe:2.3:a:horde:imp:2.2.2:::::::*

Information

Published : 2001-07-20 21:00

Updated : 2011-03-07 18:07

NVD link : CVE-2001-1258

Mitre link : CVE-2001-1258

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

horde

imp

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2001/dsa-073", "name": "DSA-073", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt", "name": "CSSA-2001-027.0", "tags": ["Vendor Advisory"], "refsource": "CALDERA"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410", "name": "CLA-2001:410", "tags": [], "refsource": "CONECTIVA"}, {"url": "http://www.iss.net/security_center/static/6906.php", "name": "imp-prefslang-gain-privileges(6906)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/3083", "name": "3083", "tags": [], "refsource": "BID"}, {"url": "http://online.securityfocus.com/archive/1/198495", "name": "http://online.securityfocus.com/archive/1/198495", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-1258", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-07-21T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:07Z"}