mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
330 lines
11 KiB
JSON
330 lines
11 KiB
JSON
{
|
|
"id": "CVE-2008-0807",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2008-02-19T01:00:00.000",
|
|
"lastModified": "2024-11-21T00:42:57.363",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "lib/Driver/sql.php en Turba 2 (turba2) Contact Manager H3 2.1.x antes de 2.1.7 y 2.2.x antes de 2.2-RC3, como se usa en productos como Horde Groupware antes de 1.0.4 y Horde Groupware Webmail Edition antes de 1.0.5, no comprueba correctamente los privilegios de acceso, lo que permite a usuarios autentificados remotamente modificar datos de direcci\u00f3n a trav\u00e9s de un par\u00e1metro object_id modificado a edit.php, como se demostr\u00f3 modificando una entrada personal en la libreta de direcciones cuando hay un acceso de escritura a una libreta de direcciones compartida."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
|
|
"baseScore": 4.9,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 6.8,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-264"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*",
|
|
"matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*",
|
|
"matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*",
|
|
"matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*",
|
|
"matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*",
|
|
"matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*",
|
|
"matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*",
|
|
"matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*",
|
|
"matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*",
|
|
"matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*",
|
|
"matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*",
|
|
"matchCriteriaId": "EFB8DE9F-2130-49E9-85EE-6793ED9FBEED"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*",
|
|
"matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:horde:groupware:1.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D59C23FB-E223-4EED-8F69-3CC1EE7DF148"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:horde:groupware_webmail_edition:1.0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "989D5040-13B3-4D76-A516-81CAB112FE44"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:horde:turba_contact_manager:2.1.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6476A5E9-779F-4CBC-9C49-42AADD427B91"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://lists.horde.org/archives/announce/2008/000378.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://lists.horde.org/archives/announce/2008/000379.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://lists.horde.org/archives/announce/2008/000380.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://lists.horde.org/archives/announce/2008/000381.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/28982",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29071",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29184",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29185",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29186",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.debian.org/security/2008/dsa-1507",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/27844",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id?1019433",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/0593/references",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464058",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://lists.horde.org/archives/announce/2008/000378.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://lists.horde.org/archives/announce/2008/000379.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://lists.horde.org/archives/announce/2008/000380.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://lists.horde.org/archives/announce/2008/000381.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/28982",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29071",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29184",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29185",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/29186",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.debian.org/security/2008/dsa-1507",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/27844",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id?1019433",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/0593/references",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=432027",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |