Improper Image Proxy Restriction in Horde Application Framework
CVE-2006-3549
Currently unrated
What is CVE-2006-3549?
The Horde Application Framework versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 are susceptible to a vulnerability that fails to properly restrict its image proxy capability. This flaw allows remote attackers to exploit the server for Web tunneling by passing manipulated URLs through the 'url' parameter. Attackers can potentially access certain undesired content or bypass restrictions, utilizing the server as a proxy for HTTP, HTTPS, and FTP URLs.
