CVE-2010-3077
Published 2010-11-09
Priority: P4 · Severity: medium · CVSS 2.0 base score: 4.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 3.89% (88.9th percentile)
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
Affected (58 ranges; 25 shown on the source page, of which only the one below carries version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| horde | horde_application_framework | <= 3.3.8 | — |
Suricata
Note: the Suricata rules listed below reference CVE-2007-3077 (an SQL injection in EQdkp's listmembers.php), not CVE-2010-3077; their content matches are specific to /listmembers.php and do not cover the Horde icon_browser.php XSS described above.
ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank DELETE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3077 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank DELETE"; flow:established,to_server; http.uri; content:"/listmembers.php?"; nocase; content:"rank="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; classtype:web-application-attack; sid:2004627; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_i
Suricata
ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank UPDATE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3077 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank UPDATE"; flow:established,to_server; http.uri; content:"/listmembers.php?"; nocase; content:"rank="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; classtype:web-application-attack; sid:2004629; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
Suricata
ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3077 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank SELECT"; flow:established,to_server; http.uri; content:"/listmembers.php?"; nocase; content:"rank="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; classtype:web-application-attack; sid:2004624; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_i
Suricata
ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank UNION SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3077 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank UNION SELECT"; flow:established,to_server; http.uri; content:"/listmembers.php?"; nocase; content:"rank="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; classtype:web-application-attack; sid:2004625; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitr
Suricata
ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank INSERT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3077 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank INSERT"; flow:established,to_server; http.uri; content:"/listmembers.php?"; nocase; content:"rank="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; classtype:web-application-attack; sid:2004626; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_i
Suricata
ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank ASCII
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3077 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank ASCII"; flow:established,to_server; http.uri; content:"/listmembers.php?"; nocase; content:"rank="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; classtype:web-application-attack; sid:2004628; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_i
Bugzilla
CVE-2010-3077 CVE-2010-3694 Horde: multiple flaws correct in 3.3.9 [fedora-all]
bugzilla · 2010-09-06 · CVSS 4.3 · [MEDIUM]

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=630687

Please note: this issue affects mul
Bugzilla
CVE-2010-3077 CVE-2010-3694 Horde: multiple flaws correct in 3.3.9
bugzilla · 2010-09-06 · CVSS 4.3 · [MEDIUM]

Moritz Naumann reported:
[1] http://seclists.org/fulldisclosure/2010/Sep/82

a deficiency in the way Horde framework sanitized user-provided 'subdir' parameter, when composing final path to the image file. A remote, unauthenticated user could use this flaw to conduct cross-site scripting attacks (execute arbitrary HTML or scripting code) by providing a specially-crafted URL to the running Horde framework instance.

Upstream patch:
[2] http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9

Sample public URL by Moritz to demonstrate the issue:
[3] [path_to_horde]/util/icon_browser.php?subdir=&app=horde

Discussion:
This
References
http://git.horde.org/diff.php/horde/util/icon_browser.php?rt=horde-git&r1=a978a35c3e95e784253508fd4333d2fbb64830b6&r2=9342addbd2b95f184f230773daa4faf5ef6d65e9
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html
http://lists.horde.org/archives/announce/2010/000557.html
http://seclists.org/fulldisclosure/2010/Sep/82
http://secunia.com/advisories/42140
https://bugzilla.redhat.com/show_bug.cgi?id=630687