CVE-2001-1258

Sažetak

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

Reference

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
http://online.securityfocus.com/archive/1/198495
http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
http://www.debian.org/security/2001/dsa-073
http://www.iss.net/security_center/static/6906.php
http://www.securityfocus.com/bid/3083

CVSS

Base:	3.6
Impact:	4.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

08-03-2011 - 02:07

Objavljeno

21-07-2001 - 04:00