6.0.0-beta1
7/23/25

[#4112] Upgrade Documentation about.php
Summary Upgrade Documentation about.php
Queue Horde Framework Packages
Queue Version FRAMEWORK_3
Type Enhancement
State Rejected
Priority 3. High
Owners
Requester info (at) lintecsa (dot) com
Created 07/03/2006 (6960 days ago)
Due
Updated 07/05/2006 (6958 days ago)
Assigned
Resolved 07/05/2006 (6958 days ago)
Milestone
Patch No

History
07/05/2006 08:45:56 PM jorge (at) lintecsa (dot) com Comment #6 Reply to this comment
There has never been an about.php distributed with Horde in that directory.
This is true, I was reviewing the old backups and found that the file 
"index.php" was changed his name to "about.php". But his content is 
the same
07/05/2006 03:39:51 PM Chuck Hagenbuch State ⇒ Rejected
 
07/05/2006 03:27:58 PM info (at) lintecsa (dot) com Comment #5 Reply to this comment
There has never been an about.php distributed with Horde in that directory.
Shame on me, you are right. This file was a leftover not from a former 
horde install, but from a former exploit. They moved the old 
vulnarable index.php to about.php, very tricky!
07/05/2006 11:12:44 AM Jan Schneider Summary ⇒ Upgrade Documentation about.php
 
07/04/2006 11:15:25 PM Chuck Hagenbuch Comment #4 Reply to this comment
There has never been an about.php distributed with Horde in that directory.
07/04/2006 02:08:42 PM info (at) lintecsa (dot) com Comment #3 Reply to this comment
What are you talking about?
/horde/services/help/about.php

This file is obsolete in horde 3.1.1 - If you do an upgrade from 
former versions by just overwriting the directory the file about.php 
remains and opens horde to exploits.  Version 3.1.1 fixed the remote 
code execution vulnerability in the help viewer but if about.php 
doesn't get deleted the vulnerability still exists. Therefore I 
recommend to mention this risk in docs/UPGRADING or even better: patch 
about.php to make it unusable.


07/04/2006 02:51:59 AM Chuck Hagenbuch Comment #2
State ⇒ Feedback
Reply to this comment
What are you talking about?
07/03/2006 10:48:00 PM info (at) lintecsa (dot) com Comment #1
Priority ⇒ 3. High
Type ⇒ Enhancement
Summary ⇒ Upgrade Documetation about.php
Queue ⇒ Horde Framework Packages
State ⇒ New
Reply to this comment
Doing an update from previous versions to Horde 3.1.1 about.php 
wouldn't be deleted or modified. This file is nothing but a dangerous 
leftover that has no more need in Horde 3.1.1: I would recommend to 
advise in the update notes or overwrite about.php in the updated 
version.

Saved Queries