PT-2006-4424 · Horde · Horde Application Framework

Moritz Naumann · Published 2006-07-13 · Updated 2018-10-18 · CVE-2006-3549

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Horde Application Framework versions 3.0.0 through 3.0.10
Horde Application Framework versions 3.1.0 through 3.1.1

Description

The issue allows remote attackers to perform Web tunneling attacks and use the server as a proxy via http, https, and ftp URLs in the url parameter. This is due to improper restriction of the image proxy capability in the services/go.php file.

Recommendations

For Horde Application Framework versions 3.0.0 through 3.0.10, restrict access to the services/go.php file to minimize the risk of exploitation. For Horde Application Framework versions 3.1.0 through 3.1.1, avoid using the url parameter in the services/go.php file until the issue is resolved.


Related identifiers

CVE-2006-3549
DSA-1406-1

Affected products

Horde Application Framework