Solved

Turning off Horde

Posted on 2010-11-08
Last Modified: 2012-05-10
I got the following message from SecurityMetrics regarding Horde.  We don't use WebMail on our server and we also don't use any e-mail through my virtual server as it is all routed through GoDaddy.  I'd rather just turn it off to get around this but can't seem to find any instructions on how to completely disable it.

Description: Horde allows cross-site scripting (help.php)
Severity: Area of Concern
CVE: CVE-2004-2741
Impact: A malicious web site could cause arbitrary commands to run on a client through a specially crafted link to the vulnerable server. In some cases, this could result in the compromise of the client's cookies, leading to unauthorized access to web applications.
Background: Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the <SCRIPT> tag and handle them accordingly.
Resolution: Cross-site scripting can be fixed either by creating a customized error page which does not display the URI, or by applying one of the following fixes:
ASP Fast Forum: Upgrade to a version created after 1 NOV 2005.
PHP-Nuke (11/13/08): [http://phpnuke.org/modules.php?name=Downloads] Upgrade PHP-Nuke to a version higher than 8.1.
FlatNuke: [http://www.flatnuke.org/index.php?mod=Download] Upgrade to FlatNuke version 2.5.7
RSA Security: Upgrade to RSA Security RSA Authentication Agent to a version higher than 5.3 or RSA Security ACE/Agent for Web to a version higher than 5.1.1 when they become available
Lotus Domino: Upgrade to version 5.0.9 when it becomes available.
Microsoft ISA 2000: Refer to [http://www.microsoft.com/technet/security/bulletin/ms01-045.mspx] Microsoft Security Bulletin 01-045.
NetWare Web Search (04/19/02): Apply NetWare 6 Service Pack 1.
ColdFusion MX (06/25/02): Apply the patch referenced in [http://www.adobe.com/devnet/security/security_zone/mpsb02-03.html] Macromedia Security Bulletin 02-03.
Apache Tomcat (07/12/02): [http://jakarta.apache.org/] Upgrade to version 4.1.4 or higher, and unmap the "invoker" servlet (mapped to /servlet/), which executes anonymous servlet classes that have not been defined in a web.xml file. The entry for this can be found in the /<tomcat-install-dir>/conf/web.xml file.
Apache printenv program (12/30/02): Remove the cgi-bin/printenv program. Although this program outputs the text/plain MIME type which shouldn't be susceptible to cross-site scripting, some browsers do not correctly handle this type and would therefore be vulnerable.
Microsoft Content Management Server 2001 (01/23/03): Apply the cumulative patch referenced in [http://www.microsoft.com/technet/security/bulletin/ms03-002.mspx] Microsoft Security Bulletin 03-002, or apply Microsoft Content Management Server 2001 Service Pack 2 if available.
WebCalendar (09/22/03): [http://webcalendar.sourceforge.net/] Upgrade to a WebCalendar version newer than 0.9.42.
VP-ASP (Shopping Cart) (12/22/03, 06/22/04, 11/30/05): See the [http://www.vpasp.com/virtprog/info/faq_securityfixes.htm] VP-ASP security fixes.
Bitfolge snif (12/22/03): [http://www.bitfolge.de/download/] Upgrade to snif 1.2.7 or later.
osCommerce (12/23/03): [http://www.oscommerce.com/Solutions/downloads] Upgrade to osCommerce 2.2 milestone 3.
IBM Net.Data db2www (02/04/04): Use the DTW_DEFAULT_ERROR_MESSAGE feature (or the DTW_DEFAULT_MACRO feature on zOS and iServer) to ensure that error messages do not include user input in their response. For example, in the Net.Data configuration file db2www.ini, insert an entry such as: DTW_DEFAULT_ERROR_MESSAGE This Web Site is experiencing problems. Check back later.
ASP Portal (02/27/04): Upgrade your version.
phpBB2 (03/24/04): [http://www.phpbb.com/downloads.php] Upgrade to phpBB 2.0.7 or higher.
ZWiki (12/01/04): [http://zwiki.org/repos/ZWiki/releases/] Upgrade to 0.37 or higher when available or 0.37.0rc1, or apply the fix described [http://zwiki.org/925ZwikiXSSVulnerability] here.
ht://Dig (02/14/05): [http://www.htdig.org/where.html] Upgrade to higher than 3.2.0b6, or install a fixed package from your operating system vendor.
DotNetNuke (05/26/05): [http://dotnetnuke.com/default.aspx?tabid=125] Upgrade to 3.0.12 or higher.
Apache Struts (12/07/05): [http://struts.apache.org/download.cgi] Upgrade to 1.2.8 or higher.
phpMyChat (12/09/05): [http://www.phpheaven.net/phpmychat:home?id_rubrique=29] Upgrade to higher than version 0.14.5.
Cerberus Helpdesk (01/04/06): [http://www.cerberusweb.com/downloads_helpdesk.php] Upgrade to 2.7.0 or higher.
Apache Geronimo (01/27/06): [http://geronimo.apache.org/downloads.html] Upgrade to version 1.0.1 or 1.1 when available.
Ashnews (02/10/06): [http://dev.ashwebstudio.com/products.php] Upgrade to a version higher than 0.83 when available.
QwikiWiki (02/27/06): [http://sourceforge.net/project/showfiles.php?group_id=80406] Upgrade to a version higher than 1.51 when available.
vCard (03/23/06): [http://www.belchiorfoundry.com/vcard/index.php] Upgrade to a version higher than 2.9.
Contrexx (03/24/06): [http://www.contrexx.com/?section=news&cmd=details&newsid=54] Patch version 1.0.8 or [http://www.contrexx.com/] upgrade to a version higher than 1.0.8.
phpCOIN (04/05/06): [http://www.phpcoin.com/coin_addons/dload.php?id=108] Upgrade to version 1.2.3.
PHPKIT (04/05/06): [http://phpkit.de/include.php?path=content/news.php&contentid=280&PHPKITSID=90c781f9635d9416058473a6aa735927] Upgrade to 1.6.1 Release 2.
phpAdsNew/phpPgAds (04/06/06): Upgrade [http://phpadsnew.com/two/index.html] phpAdsNew or [http://www.phppgads.com/one/index.html] phpPgAds to version 2.0.8.
Confixx (04/23/06): [http://www.swsoft.com/de/products/confixx/] Upgrade to a version higher than 3.1.2 when available.
phpLDAPadmin (05/01/06): [http://phpldapadmin.sourceforge.net/download.php] Upgrade to version 0.9.8.2 or higher.
Boardsolution (05/02/06): [http://www.script-Solution.de/] Upgrade to version 1.13 or higher.
Pivot (07/24/06): [http://www.pivotlog.net/] Upgrade to version 1.30 Final or higher.
XOOPS (10/25/06): [http://www.xoops.org/modules/core/] Upgrade to a version higher than 2.0.15 when it becomes available (the 2.2 track has been discontinued).
XOOPS packs (11/17/06): Upgrade [http://www.xoops.org/modules/core/visit.php?cid=9&lid=98] CommunityPack, [http://www.xoops.org/modules/core/visit.php?cid=9&lid=101] PersonalPack, and [http://www.xoops.org/modules/core/visit.php?cid=9&lid=100] IntranetPack to a version higher than 1.0, or fix as [http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new] described.
cPanel (01/11/10): [http://www.cpanel.net/support/downloads/downloads.htm] Upgrade to version 11.25 or higher.
OsTicket (01/02/07): [http://www.osticket.com/downloads.php] Upgrade to 2.0 when available.
PHP iCalendar (01/04/07): [http://sourceforge.net/project/showfiles.php?group_id=62270&package_id=58811] Upgrade to version 2.23 or later when available.
Citrix MetaFrame (03/07/08): Apply a fix as described in [http://support.citrix.com/article/CTX101996] Document ID CTX101996.
Campus Bulletin Board (05/29/08): [http://netlab.kh.edu.tw/download/index.htm] Upgrade to a version higher than 3.4 when available.
Apache Roller (01/27/09): Apply the fix described in [https://svn.apache.org/viewvc?view=rev&revision=668737] Revision 668737.
MercuryBoard (02/04/10): [http://www.mercuryboard.com/index.php?a=downloads] Upgrade to a version higher than 1.1.5 when available.
Cisco Secure Desktop (02/12/10): [http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=280277835] Upgrade to version 3.5.841 or higher when available.
Cisco Collaboration Server (03/04/10): [http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=268439684] Upgrade to a version higher than 5 when available.
RSA SecurID (03/04/10): Upgrade to a version higher than 6.1 when available.
Juniper IVE (08/16/10): Ensure that the firewall's management interface is disabled on the Internet-connected interface, by disabling WebUI within service options on the Internet-connected interface.
All other products: Retrieve an upgrade or a patch from the vendor.
See the posting to [http://www.securityfocus.com/archive/1/194464] Bugtraq for information about specific types of web servers. See references below. If a fix is unavailable, then work around the problem by creating a customized error page.
Vulnerability Details:
Service: 8880:TCP
Sent: GET  /help.php?show=index&module=saint%22%3E%3Cframe%20src=%22javascript:alert(%27SAINT%27)%22%20 HTTP/1.0
Host: ip-68-178-205-76.ip.secureserver.net:8880
User-Agent: Mozilla/4.0
Connection: Keep-alive
Received: Location:  /packages/saint"><frame src="javascript:alert('SAINT')"  /locales/en-US/help/__default.html

I use Plesk and IIS on a Windows 2003 Virtual Server from GoDaddy.
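Added example, not code from the original question, from SecurityMetrics, or from Horde: a small Python triage script showing why the scanner reports help.php as cross-site scripting. It URL-decodes the query parameters of access-log requests and flags ones carrying markup or script markers, then checks whether a flagged value came back verbatim in the response's Location header, which is exactly what the "Received:" line in the finding shows. A hardened counterpart shows the input rule that would stop the reflection. The log lines are constructed; the marker regex, the combined-format log pattern and the safe_module_name helper with its identifier rule are my own assumptions, not Horde's validation.

```python
"""Triage a reflected-XSS scanner finding against help.php from the defender's side.

Added example, not code from the original post or from Horde/SecurityMetrics.
The log lines, marker regex and identifier rule below are constructed assumptions.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The request the scanner sent and the Location header it got back (both quoted in the finding).
SCANNER_REQUEST = "/help.php?show=index&module=saint%22%3E%3Cframe%20src=%22javascript:alert(%27SAINT%27)%22%20"
SCANNER_LOCATION = '/packages/saint"><frame src="javascript:alert(\'SAINT\')"  /locales/en-US/help/__default.html'

# Markup or script smuggled through a query parameter (assumption: a deliberately narrow marker set).
INJECTION_MARKERS = re.compile(r"<\s*/?\s*(script|i?frame|img|svg|object)\b|javascript\s*:|\bon\w+\s*=", re.I)

# Apache combined-format access-log prefix; an IIS W3C log would need a different pattern.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})')


def decode_query(url: str) -> dict:
    """Return {name: [values]} for the URL's query string, URL-decoded a second time
    so a double-encoded payload (%2522 -> %22 -> ") does not slip past the markers."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: [unquote(v) for v in values] for name, values in qs.items()}


def suspicious_params(url: str) -> dict:
    """Return {name: decoded value} for every parameter carrying an injection marker."""
    hits = {}
    for name, values in decode_query(url).items():
        for value in values:
            if INJECTION_MARKERS.search(value):
                hits[name] = value
    return hits


def flag_log(text: str) -> list:
    """Parse access-log lines and return (ip, url, suspicious params) for each flagged request."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole sweep
        hits = suspicious_params(m.group("url"))
        if hits:
            findings.append((m.group("ip"), m.group("url"), hits))
    return findings


def reflected_unescaped(param_value: str, header_value: str) -> bool:
    """True when the decoded parameter appears verbatim (quotes and angle brackets intact)
    in a response header or body: the condition the scanner reports as cross-site scripting."""
    return param_value.strip() in header_value


# Hardened counterpart (assumption, not Horde's own validation): a module name that is not
# a plain identifier is replaced by a default instead of being echoed back to the browser.
MODULE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")


def safe_module_name(raw: str, default: str = "index") -> str:
    """Return raw only if it is a plain identifier; otherwise the default."""
    return raw if MODULE_NAME.fullmatch(raw) else default


# Constructed sample log: the first line carries the scanner's request, the other two are benign.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Nov/2010:10:15:01 -0500] "GET /help.php?show=index&module=saint%22%3E%3Cframe%20src=%22javascript:alert(%27SAINT%27)%22%20 HTTP/1.0" 302 0 "-" "Mozilla/4.0"
203.0.113.11 - - [08/Nov/2010:10:16:44 -0500] "GET /help.php?show=index&module=imp HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.12 - - [08/Nov/2010:10:17:02 -0500] "GET /login.php?url=%2Fhelp.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, url, hits in flag_log(SAMPLE_LOG):
        print(f"{ip} -> {url}")
        for name, value in hits.items():
            echoed = reflected_unescaped(value, SCANNER_LOCATION)
            print(f"  {name}={value!r} reflected_in_Location={echoed} hardened={safe_module_name(value)!r}")
```

Run against the constructed log, only the scanner's own request is flagged, its module value is found intact inside the Location header, and the hardened rule would have replaced it with "index". Disabling the Horde webmail service, as the accepted answer describes, removes the endpoint altogether; this script is for confirming what happened in the logs before and after that change.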
Question by:JeffreyDurham
5 Comments
LVL 7

Expert Comment

by:ManicD
ID: 34086726
I have a feeling you are scanning the wrong IP.

I would have thought the IP to be scanned is your workplace IP address.... You might wish to speak to them about this.

Furthermore, SecurityMetrics has a helpline to call; they have scan technicians who can tell you the EXACT patch/procedure you need to apply to resolve the issue.

Author Comment

by:JeffreyDurham
ID: 34086987
This is my website they are scanning not the office IP.  The office IP scanned fine.

Author Comment

by:JeffreyDurham
ID: 34086995
I'd rather just turn it off. The mail. domain on my website just redirects to my main site currently. No one here uses webmail, so it serves no purpose being on.
LVL 7

Accepted Solution

by:
ManicD earned 500 total points
ID: 34087886
Log into Plesk.
Go to Settings > Mail Server Settings, and you should find a tick box for Horde and AtMail.

Un-ticking it and clicking OK at the bottom should turn it off.

Author Closing Comment

by:JeffreyDurham
ID: 34088838
Thanks!
