Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2007-6018
Last Modified 15 Sep 2009 01:08:50
Published 10 Jan 2008 09:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6018

Summary

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 do not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

Vulnerable Systems

Application

  • Horde 3.1.5

  • Horde Framework 3.1.5

  • Horde Groupware Webmail Edition 1.0.3

  • Horde Imp 4.1.5


References

BID - 27223

MISC - http://secunia.com/secunia_research/2007-102/advisory/

SECUNIA - 34418

SECUNIA - 28020

SUSE - SUSE-SR:2009:007

MLIST - [announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)

MLIST - [announce] 20080109 Horde Groupware 1.0.3 (final)

CONFIRM - http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h

CONFIRM - http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h

FEDORA - FEDORA-2008-2087

FEDORA - FEDORA-2008-2040

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=428625

XF - horde-impgroupware-filter-security-bypass(39595)

DEBIAN - DSA-1470

SECUNIA - 29186

SECUNIA - 29185

SECUNIA - 29184

SECUNIA - 28546

MLIST - [announce] 20080109 Horde 3.1.6 (final)


Last Updated: 27 May 2016 10:46:21