CVE-2002-2024 Information

Description

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3 (2) login.php3?reason=chpass2 (3) spelling.php3 and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.

Reference

http://bugs.horde.org/show_bug.cgi?id=916 http://www.iss.net/security_center/static/8768.php http://www.securityfocus.com/bid/4445