[horde] Security hole?

myhorde@nbiss.com myhorde at nbiss.com
Wed May 3 11:59:47 PDT 2006


This invading IP had a lot of sequential activity and every time it was 
a valid HTTP response from my side.

I will provide more details later.

Thanks

Quoting Michael M Slusarz <slusarz at horde.org>:

> Quoting myhorde at nbiss.com:
>
>> This came from the outside user and I don't have any.
>> There was also a lot of other stuff from the same IP.
>> My question is :  is it possible to send this URL directly and receive
>> a valid response without having valid session?
>
> No.  in the case you gave, horde/services/download/index.php calls  
> imp/view.php which calls imp/lib/base.php which is where we do  
> authentication.
>
> michael
>
> ___________________________________
> Michael Slusarz [slusarz at horde.org]
> -- 
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



More information about the horde mailing list