CVE-2007-6018

Severity

57%

Complexity

86%

Confidentiality

81%

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

First reported 17 years ago

2008-01-11 02:46:00

Last updated 7 years ago

2017-07-29 01:33:00

Affected Software

Horde IMP 4.1.5

4.1.5

References

http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h

http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h

[announce] 20080109 Horde 3.1.6 (final)

[announce] 20080109 Horde Groupware 1.0.3 (final)

[announce] 20080110 Horde Groupware Webmail Edition 1.0.4 (final)

SUSE-SR:2009:007

28020

Vendor Advisory

28546

29184

29185

29186

34418

http://secunia.com/secunia_research/2007-102/advisory/

Vendor Advisory

DSA-1470

27223

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=428625

horde-impgroupware-filter-security-bypass(39595)

FEDORA-2008-2040

FEDORA-2008-2087

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.