Path Disclosure Vulnerability in Horde IMP by Horde Group
CVE-2002-2024

5.3 MEDIUM

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
31 December 2002

What is CVE-2002-2024?

Horde IMP 2.2.7 allows remote attackers to obtain sensitive information by sending specific HTTP requests. These requests cause scripts such as poppassd.php3, login.php3?reason=chpass2, spelling.php3, and ldap.search.php3?ldap_serv=nonsense to return error messages that reveal the full web root pathname. The root cause is improper error handling, and the resulting information disclosure could aid an attacker in further exploits.

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published