Vulnerability Description
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
CVSS Score
3.6
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Horde | Imp | 2.0 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
- http://online.securityfocus.com/archive/1/198495
- http://online.securityfocus.com/archive/1/198495
- http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txtVendor Advisory
- http://www.debian.org/security/2001/dsa-073ExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/6906.php
- http://www.securityfocus.com/bid/3083
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
- http://online.securityfocus.com/archive/1/198495
- http://online.securityfocus.com/archive/1/198495
- http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txtVendor Advisory
- http://www.debian.org/security/2001/dsa-073ExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/6906.php
- http://www.securityfocus.com/bid/3083
FAQ
What is CVE-2001-1258?
CVE-2001-1258 is a vulnerability with a CVSS score of 3.6 (LOW). Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the s...
How severe is CVE-2001-1258?
CVE-2001-1258 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1258?
Check the references section above for vendor advisories and patch information. Affected products include: Horde Imp.