Improper Image Proxy Restriction in Horde Application Framework
CVE-2006-3549

Currently unrated

Key Information:

Vendor

Horde

Vendor
CVE Published:
13 July 2006

What is CVE-2006-3549?

The Horde Application Framework versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 are susceptible to a vulnerability that fails to properly restrict its image proxy capability. This flaw allows remote attackers to exploit the server for Web tunneling by passing manipulated URLs through the 'url' parameter. Attackers can potentially access certain undesired content or bypass restrictions, utilizing the server as a proxy for HTTP, HTTPS, and FTP URLs.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.