Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-7414

Опубликовано: 04 апр. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 5.1
EPSS Низкий

Описание

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:horde:groupware:5.0.0:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.0:rc1:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.1:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.2:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.3:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.4:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.0.5:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.0:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.0:rc1:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.1:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.2:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.3:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.4:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.1.5:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.0:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.0:rc1:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.1:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.2:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.3:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.4:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.5:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.6:*:*:*:webmail:*:*:*
cpe:2.3:a:horde:groupware:5.2.7:*:*:*:webmail:*:*:*

EPSS

Процентиль: 79%
0.01304
Низкий

7.5 High

CVSS3

5.1 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

ubuntu логотип

CVE-2017-7414

CVSS3: 7.5
ubuntu
почти 9 лет назад

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.

debian логотип

CVE-2017-7414

CVSS3: 7.5
debian
почти 9 лет назад

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Editio ...

github логотип

GHSA-66jj-9jf3-x628

CVSS3: 7.5
github
больше 3 лет назад

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.

EPSS

Процентиль: 79%
0.01304
Низкий

7.5 High

CVSS3

5.1 Medium

CVSS2

Дефекты

CWE-78