OpenCVE

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Horde	Imp

Configuration 1 [-]

cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.horde.org/show_bug.cgi?id=916
http://www.iss.net/security_center/static/8768.php
http://www.securityfocus.com/bid/4445

History

Thu, 08 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-219
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-07-14T04:00:00Z

Updated: 2024-09-16T18:24:20.639Z

Reserved: 2005-07-14T00:00:00Z

Link: CVE-2002-2024

Vulnrichment

Updated: 2024-08-08T03:51:17.588Z

NVD

Status : Modified

Published: 2002-12-31T05:00:00.000

Modified: 2024-11-20T23:42:41.487

Link: CVE-2002-2024

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-07-14T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bugs.horde.org/show_bug.cgi?id=916"}, {"name": "4445", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4445"}, {"name": "imp-php-path-disclosure(8768)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8768.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2024", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.horde.org/show_bug.cgi?id=916", "refsource": "MISC", "url": "http://bugs.horde.org/show_bug.cgi?id=916"}, {"name": "4445", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4445"}, {"name": "imp-php-path-disclosure(8768)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8768.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:51:17.588Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.horde.org/show_bug.cgi?id=916"}, {"name": "4445", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4445"}, {"name": "imp-php-path-disclosure(8768)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8768.php"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-219", "lang": "en", "description": "CWE-219 Storage of File with Sensitive Data Under Web Root"}]}], "affected": [{"vendor": "horde", "product": "imp", "cpes": ["cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.2.7", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T14:02:22.048868Z", "id": "CVE-2002-2024", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T14:06:46.622Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2024", "datePublished": "2005-07-14T04:00:00Z", "dateReserved": "2005-07-14T00:00:00Z", "dateUpdated": "2024-09-16T18:24:20.639Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://bugs.horde.org/show_bug.cgi?id=916", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/4445", "name": "4445", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.iss.net/security_center/static/8768.php", "name": "imp-php-path-disclosure(8768)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:51:17.588Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2002-2024", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-08T14:02:22.048868Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*"], "vendor": "horde", "product": "imp", "versions": [{"status": "affected", "version": "2.2.7"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-219", "description": "CWE-219 Storage of File with Sensitive Data Under Web Root"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T14:06:31.744Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://bugs.horde.org/show_bug.cgi?id=916", "tags": ["x_refsource_MISC"]}, {"url": "http://www.securityfocus.com/bid/4445", "name": "4445", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.iss.net/security_center/static/8768.php", "name": "imp-php-path-disclosure(8768)", "tags": ["vdb-entry", "x_refsource_XF"]}], "descriptions": [{"lang": "en", "value": "Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2005-07-14T04:00:00Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://bugs.horde.org/show_bug.cgi?id=916", "name": "http://bugs.horde.org/show_bug.cgi?id=916", "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/4445", "name": "4445", "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/8768.php", "name": "imp-php-path-disclosure(8768)", "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-2024", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2002-2024", "state": "PUBLISHED", "dateUpdated": "2024-09-16T18:24:20.639Z", "dateReserved": "2005-07-14T00:00:00Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2005-07-14T04:00:00Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6ED34889-9F98-46BC-9176-557484272C05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages."}], "id": "CVE-2002-2024", "lastModified": "2024-11-20T23:42:41.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2002-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.horde.org/show_bug.cgi?id=916"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8768.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.horde.org/show_bug.cgi?id=916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8768.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4445"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-219"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}