Horde Groupware Two Vulnerabilities


Description   A security issue and a vulnerability have been reported in Horde Groupware, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
1) Certain Input passed to an email form field is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability may be related to vulnerability #1 in:
SA47592
This vulnerability is reported in versions prior to 1.2.11.
2) The security issue is caused due to the distribution of compromised Horde Groupware source code packages containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code.
The compromised source file was distributed with version 1.2.10 between 9th November 2011 and 7th February 2012.
     
Vulnerable Products   Vulnerable Software:
Horde Groupware 1.x
     
Solution   Update to version 1.2.11.
     
CVE   CVE-2012-0909
CVE-2012-0209
     
References   http://lists.horde.org/archives/announce/2012/000749.html
http://lists.horde.org/archives/announce/2012/000751.html
http://git.horde.org/diff.php/groupware/docs/groupware/CHANGES?rt=horde&
r1=1.38.2.16&
r2=1.38.2.17&
ty=h
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - POST : suspicious tag with event found in data
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
3.2.0
XSS - Prevention - POST : 'location' javascript object found in data
3.2.0
XSS - Prevention - POST : javascript code found in data
3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
3.2.0
XSS - Prevention - POST : code allowing cookie access found in data
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data
3.2.0
XSS - Prevention - POST : 'script' tag found in data
3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
3.2.0
Horde Backdoor: remote code execution attempt
4.1.1
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Critical 

 Vulnerability First Public Report Date 
2012-02-13 

 Target Type 
Server 

 Possible exploit 
Remote