Horde Application Framework Two Vulnerabilities


Description   A security issue and a vulnerability have been reported in Horde Application Framework, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
1) Certain input related to the email validation is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability may be related to vulnerability #1 in:
SA47592
The vulnerability is reported in versions prior to 3.3.13.
2) The security issue is caused due to the distribution of compromised Horde Application Framework source code packages containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.
The compromised source file was distributed with version 3.3.12 between 15th November 2011 and 7th February 2012.
     
Vulnerable Products   Vulnerable Software:
Horde Application Framework 3.x
     
Solution   Update to version 3.3.13.
     
CVE   CVE-2012-0909
CVE-2012-0209
     
References   http://lists.horde.org/archives/announce/2012/000744.html
http://lists.horde.org/archives/announce/2012/000751.html
http://git.horde.org/diff.php/horde/docs/CHANGES?rt=horde&
r1=1.515.2.648&
r2=1.515.2.653&
ty=h
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - POST : suspicious tag with event found in data
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
3.2.0
XSS - Prevention - POST : 'location' javascript object found in data
3.2.0
XSS - Prevention - POST : javascript code found in data
3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
3.2.0
XSS - Prevention - POST : code allowing cookie access found in data
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data
3.2.0
XSS - Prevention - POST : 'script' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
3.2.0
Horde Backdoor: remote code execution attempt
4.1.1
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Critical 

 Vulnerability First Public Report Date 
2012-02-08 

 Target Type 
Server 

 Possible exploit 
Remote