This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Announce of Horde 3.0.7 (final) :
This [3.0.7] is a security release that fixes cross site scripting
vulnerabilities in two of Horde's MIME viewers. These holes could for
example be exploited by an attacker sending specially crafted emails
to Horde's webmail client IMP. The attack could be used to steal
users' identity information, taking over users' sessions, or changing
As a hotfix the css and tgz MIME drivers can be disabled by removing
their entries from the $mime_drivers_map['horde']['registered'] list
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : true