PublicDate: 2006-07-13 00:05:00 UTC
Candidate: CVE-2006-3549
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3549
Description:
 services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and
 3.1.0 through 3.1.1 does not properly restrict its image proxy capability,
 which allows remote attackers to perform "Web tunneling" attacks and use
 the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url
 parameter, which is requested from the server.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_horde3: ignored (reached end-of-life)
edgy_horde3: released (3.1.3-1)
feisty_horde3: released (3.1.3-1)
gutsy_horde3: released (3.1.3-1)
hardy_horde3: released (3.1.3-1)
intrepid_horde3: released (3.1.3-1)
jaunty_horde3: released (3.1.3-1)
karmic_horde3: released (3.1.3-1)
devel_horde3: released (3.1.3-1)
upstream_horde3: needs-triage