Name | CVE-2017-15235 |
Description | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-2352-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
Notes
[jessie] - php-horde-gollem <no-dsa> (Minor issue)
https://blogs.securiteam.com/index.php/archives/3454
https://lists.horde.org/archives/announce/2017/001260.html
https://github.com/horde/gollem/commit/416249efa0fb9e98b596783565258806542a2c51