Vulnerability Description
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Horde | Application Framework | 3.0 |
Related Weaknesses (CWE)
References
- http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2
- http://lists.horde.org/archives/announce/2006/000271.htmlPatch
- http://lists.horde.org/archives/announce/2006/000272.html
- http://secunia.com/advisories/19485Vendor Advisory
- http://secunia.com/advisories/19504Vendor Advisory
- http://secunia.com/advisories/19528Vendor Advisory
- http://secunia.com/advisories/19619Vendor Advisory
- http://secunia.com/advisories/19692Vendor Advisory
- http://securitytracker.com/id?1015841Patch
- http://www.attrition.org/pipermail/vim/2006-March/000671.html
- http://www.debian.org/security/2006/dsa-1033
- http://www.debian.org/security/2006/dsa-1034
- http://www.gentoo.org/security/en/glsa/glsa-200604-02.xml
- http://www.novell.com/linux/security/advisories/2006_07_sr.html
- http://www.securityfocus.com/bid/17292Patch
FAQ
What is CVE-2006-1491?
CVE-2006-1491 is a vulnerability with a CVSS score of 7.5 (HIGH). Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
How severe is CVE-2006-1491?
CVE-2006-1491 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1491?
Check the references section above for vendor advisories and patch information. Affected products include: Horde Application Framework.