Information Disclosure Vulnerability in Horde IMP 2.2.7

Information Disclosure Vulnerability in Horde IMP 2.2.7

CVE-2002-2024 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.

Learn more about our Web App Pen Testing.