Horde IMP Encoded Cross-Agent Scripting Vulnerability

The vendor has addressed this issue in newer versions. Upgrades are also available.

Note, the Caldera Linux advisory states:
If horde was activated in the apache module "/etc/httpd/modules/mod_php4_horde.conf" you will have to reconfigure it by changing "deny from all" to "allow from all".

Do not run "/usr/lib(exec)/horde/horde.setup" if you already have started the script before the update. If you run the script again, all passwords will be changed back to the default value and you will have to change them manually in "/home/httpd/html/horde/imp/config/defaults.php3" and "/home/httpd/phplib/local.inc"

Horde Project IMP 2.0

Horde Project IMP 2.2

Horde Project IMP 2.2.1

Horde Project IMP 2.2.2

Horde Project IMP 2.2.3

Horde Project IMP 2.2.4

Horde Project IMP 2.2.5


Privacy Statement
Copyright 2010, SecurityFocus