
CVE-2007-6018

Date: (C)2008-01-10   (M)2023-12-22


IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 do not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-27223
SECUNIA-28020
SECUNIA-28546
SECUNIA-29184
SECUNIA-29185
SECUNIA-29186
SECUNIA-34418
DSA-1470
FEDORA-2008-2040
FEDORA-2008-2087
SUSE-SR:2009:007
http://lists.horde.org/archives/announce/2008/000360.html
http://lists.horde.org/archives/announce/2008/000365.html
http://lists.horde.org/archives/announce/2008/000366.html
horde-impgroupware-filter-security-bypass(39595)
http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h
http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h
http://secunia.com/secunia_research/2007-102/advisory/
https://bugzilla.redhat.com/show_bug.cgi?id=428625

CPE    1
cpe:/a:horde:imp:4.1.5
CWE    1
CWE-264
OVAL    1
oval:org.mitre.oval:def:8124

© SecPod Technologies