Path Disclosure Vulnerability in Horde IMP by Horde Group
CVE-2002-2024
5.3MEDIUM
What is CVE-2002-2024?
Horde IMP 2.2.7 has a vulnerability that allows remote attackers to gain access to sensitive information by sending specific HTTP requests. This exploit can reveal the full web root pathname through error messages generated by scripts such as poppassd.php3, login.php3?reason=chpass2, spelling.php3, and ldap.search.php3?ldap_serv=nonsense. This indicates a failure in proper error handling, leading to unwanted information disclosure that could potentially aid an attacker in further exploits.
