Plesk Horde Detection

High Nessus Plugin ID 66175

Synopsis

The remote web server hosts an application framework written in PHP.

Description

The remote web server is running Horde, an open source, PHP-based application framework from The Horde Project. This installation was detected on a web server configured with Parallels Plesk Panel, a web hosting control panel. Plesk pre-configures the Horde install with a virtual host such as 'horde.webmail.' or 'webmail.', depending on the host operating system Plesk is installed on. This virtual host configuration can cause the Horde install to not be scanned by Nessus unless the specific named host is scanned (for example, 'horde.webmail.example.com'). By not scanning the 'horde.webmail' or 'webmail.' named host, vulnerabilities within the installed version of Horde may go undetected.

Solution

Conduct a review of the Plesk administrative panel to ensure all applications are updated to the most up-to-date versions.

Plugin Details

Severity: High

ID: 66175

File Name: plesk_horde_detect.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 2013/04/22

Updated: 2019/11/22

Dependencies: 10107, 11936

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:horde:horde_application_framework, cpe:/a:parallels:parallels_plesk_panel

Required KB Items: www/PHP