CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-2024

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.9%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

http://bugs.horde.org/show_bug.cgi?id=916
http://www.iss.net/security_center/static/8768.php
http://www.securityfocus.com/bid/4445
http://bugs.horde.org/show_bug.cgi?id=916
http://www.iss.net/security_center/static/8768.php
http://www.securityfocus.com/bid/4445

Products affected by CVE-2002-2024

Horde » Imp » Version: 2.2.7

cpe:2.3:a:horde:imp:2.2.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-2024

Products

Pricing

Contact Us