CVE-2010-3077 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Vendor	Product	Version
horde	horde_application_framework	𝑥 ≤ 3.3.8
horde	horde_application_framework	1.0.3
horde	horde_application_framework	1.1.1
horde	horde_application_framework	1.3.0
horde	horde_application_framework	1.3.1
horde	horde_application_framework	1.3.2
horde	horde_application_framework	1.3.3
horde	horde_application_framework	1.3.4
horde	horde_application_framework	1.3.5
horde	horde_application_framework	2.0
horde	horde_application_framework	2.0:rc1
horde	horde_application_framework	2.0:rc3
horde	horde_application_framework	2.0:rc4
horde	horde_application_framework	2.1
horde	horde_application_framework	2.2
horde	horde_application_framework	2.2.1
horde	horde_application_framework	2.2.2
horde	horde_application_framework	2.2.3
horde	horde_application_framework	2.2.4
horde	horde_application_framework	2.2.5
horde	horde_application_framework	2.2.6
horde	horde_application_framework	2.2.6:rc1
horde	horde_application_framework	2.2.7
horde	horde_application_framework	2.2.8
horde	horde_application_framework	2.2.9
horde	horde_application_framework	3.0
horde	horde_application_framework	3.0:alpha
horde	horde_application_framework	3.0:beta
horde	horde_application_framework	3.0:rc1
horde	horde_application_framework	3.0:rc2
horde	horde_application_framework	3.0:rc3
horde	horde_application_framework	3.0.1
horde	horde_application_framework	3.0.2
horde	horde_application_framework	3.0.3
horde	horde_application_framework	3.0.3:rc1
horde	horde_application_framework	3.0.4
horde	horde_application_framework	3.0.4:rc1
horde	horde_application_framework	3.0.4:rc2
horde	horde_application_framework	3.0.5
horde	horde_application_framework	3.0.5:rc1
horde	horde_application_framework	3.0.5:rc2
horde	horde_application_framework	3.0.6
horde	horde_application_framework	3.0.6:rc1
horde	horde_application_framework	3.0.7
horde	horde_application_framework	3.0.8
horde	horde_application_framework	3.0.9
horde	horde_application_framework	3.0.10
horde	horde_application_framework	3.0.11
horde	horde_application_framework	3.0.12
horde	horde_application_framework	3.1
horde	horde_application_framework	3.1:rc1
horde	horde_application_framework	3.1:rc2
horde	horde_application_framework	3.1:rc3
horde	horde_application_framework	3.1.1
horde	horde_application_framework	3.1.2
horde	horde_application_framework	3.1.3
horde	horde_application_framework	3.1.4
horde	horde_application_framework	3.1.4:rc1
horde	horde_application_framework	3.1.5
horde	horde_application_framework	3.1.6
horde	horde_application_framework	3.1.7
horde	horde_application_framework	3.1.8
horde	horde_application_framework	3.1.9
horde	horde_application_framework	3.2
horde	horde_application_framework	3.2:alpha
horde	horde_application_framework	3.2:rc1
horde	horde_application_framework	3.2:rc2
horde	horde_application_framework	3.2:rc3
horde	horde_application_framework	3.2:rc4
horde	horde_application_framework	3.2.1
horde	horde_application_framework	3.2.2
horde	horde_application_framework	3.2.3
horde	horde_application_framework	3.2.4
horde	horde_application_framework	3.2.5
horde	horde_application_framework	3.3
horde	horde_application_framework	3.3:rc1
horde	horde_application_framework	3.3.1
horde	horde_application_framework	3.3.2
horde	horde_application_framework	3.3.3
horde	horde_application_framework	3.3.4
horde	horde_application_framework	3.3.4:rc1
horde	horde_application_framework	3.3.5
horde	horde_application_framework	3.3.6
horde	horde_application_framework	3.3.7

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

horde3

saucy	not-affected
raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	not-affected
natty	not-affected
maverick	ignored
lucid	ignored
karmic	ignored
hardy	ignored
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html

http://lists.horde.org/archives/announce/2010/000557.html

http://seclists.org/fulldisclosure/2010/Sep/82

http://secunia.com/advisories/42140

https://bugzilla.redhat.com/show_bug.cgi?id=630687

http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html

http://lists.horde.org/archives/announce/2010/000557.html

http://seclists.org/fulldisclosure/2010/Sep/82

http://secunia.com/advisories/42140

https://bugzilla.redhat.com/show_bug.cgi?id=630687