CVE-2006-3549 Information
Description
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via an (1) http, (2) https, or (3) ftp URL in the url parameter, which is requested from the server.
Reference
http://lists.horde.org/archives/announce/2006/000287.html
http://lists.horde.org/archives/announce/2006/000288.html
http://moritz-naumann.com/adv/0011/hordemulti/0011.txt
http://secunia.com/advisories/20954
http://secunia.com/advisories/21459
http://secunia.com/advisories/27565
http://securityreason.com/securityalert/1229
http://securitytracker.com/id?1016442
http://www.debian.org/security/2007/dsa-1406
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.securityfocus.com/archive/1/439255/100/0/threaded
http://www.securityfocus.com/bid/18845
http://www.vupen.com/english/advisories/2006/2694