CVE-2012-0209

Опубликовано: 25 сент. 2012

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.

Ссылки

http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155
Exploit
Patch
Vendor Advisory
http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/
Exploit
http://lists.horde.org/archives/announce/2012/000751.html
Exploit
Patch
http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=790877
Patch
http://dev.horde.org/h/jonah/stories/view.php?channel_id=1&id=155
Exploit
Patch
Vendor Advisory
http://eromang.zataz.com/2012/02/15/cve-2012-0209-horde-backdoor-analysis/
Exploit
http://lists.horde.org/archives/announce/2012/000751.html
Exploit
Patch
http://packetstormsecurity.org/files/109874/Horde-3.3.12-Backdoor-Arbitrary-PHP-Code-Execution.html
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=790877
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:horde:groupware:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:horde:groupware:1.2.10:*:webmail:*:*:*:*:*

cpe:2.3:a:horde:horde:3.3.12:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.64772

Средний

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2012-0209

ubuntu

больше 13 лет назад

CVE-2012-0209

debian

больше 13 лет назад

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edit ...

GHSA-gr4h-894q-p7jp

github

почти 4 года назад

EPSS

Процентиль: 98%

0.64772

Средний

7.5 High

CVSS2

Дефекты

CWE-94