openSUSE 10 Security Update : horde (horde-1868)
Medium Nessus Plugin ID 27265
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes the following two security issues in the Horde Application Framework :
- CVE-2006-3549: services/go.php does not properly restrict its image proxy capability, which allows remote attackers to perform 'Web tunneling' attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
SolutionUpdate the affected horde package.