Home page logo
/

bugtraq logo Bugtraq mailing list archives

CSS vulnerabilities in IMP 3.0
From: "Brent J. Nordquist" <bjn () horde org>
Date: Thu, 13 Jun 2002 09:01:00 -0500 (CDT)

This is an update to the following security notification:

On Sat, 6 Apr 2002, Brent J. Nordquist <bjn () horde org> wrote:

The Horde team announces the availability of IMP 2.2.8, which prevents
some potential cross-site scripting (CSS) attacks.
[...]
The Horde Project would like to thank Nuno Loureiro <nuno () eth pt>
for discovering this problem and providing a very thorough analysis.

Sites using IMP 3.0 should note that IMP 3.0 is also vulnerable to these
attacks, but IMP 3.1 (final released this week) is not.  Therefore, IMP
3.0 users are encouraged to upgrade to IMP 3.1 to prevent these potential
attacks.

IMP 3.1 can be downloaded from the following location (Horde 2.0 does not
need to be upgraded; it will work with IMP 3.1):

        ftp://ftp.horde.org/pub/imp/

MD5 checksums:

MD5 (imp-3.1.tar.gz) = 73ff42a32e3ee3617fd411be356cb70f                         
MD5 (patch-imp-3.0-3.1.gz) = a7c9330ab1df2cd727c4aeb858138821  

-- 
Brent J. Nordquist <bjn () horde org> N0BJN
Other contact information: http://www.nordist.net/contact.html


  By Date           By Thread  

Current thread:
  • CSS vulnerabilities in IMP 3.0 Brent J. Nordquist (Jun 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault