Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Horde exploit attempts in the wild SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Horde exploit attempts in the wild
The Horde Team released version 3.1.1 and 3.0.10 of the Horde Application Framework on 28 March which provided some critical security fixes.  On Thursday, 6 April, we got some e-mail to the handlers list about rumors of exploit attempts and an exploit was publically made available on Sunday, 9 April.  We have now received some logs that show that there are active attempts in the wild to exploit the help code viewer remote code execution vulnerability.  If you are running Horde, you need to upgrade to the latest version as soon as possible.

---------------------------------
Jim Clausing, jclausing //at// isc.sans.org
I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - Live Online

Jim

414 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!