[horde] Is HORDE vers 1 vulnerable with PCL-0001: Remote
Vulnerability in HORDE MTA < 2.2.4
Jan Schneider
jan at horde.org
Mon Sep 15 01:45:10 PDT 2003
Zitat von Nantenaina Tianarivo <horde at nntp.simicro.net>:
> Hi !
>
> We are still using Horde version 1. As the mechanism for the session
> management in Horde2 differ from the mechanism in Horde 1, I would like
> to know if the Horde 1 is safe from this issue?
>
> If not, are there any patch for Horde1 or any work around that I can do?
The problem (poorly) explained in this report affects ALL session based PHP
applications that use session IDs in URLs. So yes, Horde 1 is also
affected.
Horde 1 is not supported anymore for a long time and contains more possible
and real security flaws, so you should have upgraded to Horde 2 long ago
anyway.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
More information about the horde
mailing list