Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-15235

Опубликовано: 11 окт. 2017
Источник: debian

Описание

The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php-horde-gollemfixed3.0.12-1package
php-horde-gollemno-dsajessiepackage

Примечания

  • https://blogs.securiteam.com/index.php/archives/3454

  • https://lists.horde.org/archives/announce/2017/001260.html

  • https://github.com/horde/gollem/commit/416249efa0fb9e98b596783565258806542a2c51

Связанные уязвимости

ubuntu логотип

CVE-2017-15235

CVSS3: 7.5
ubuntu
больше 8 лет назад

The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

nvd логотип

CVE-2017-15235

CVSS3: 7.5
nvd
больше 8 лет назад

The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

github логотип

GHSA-h443-49fc-9w7v

CVSS3: 7.5
github
больше 3 лет назад

The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.