PT-2008-1531 · Horde · Imp Webmail Client+2

Tomas Hoger · Published 2008-01-11 · Updated 2017-07-29 · CVE-2007-6018

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
IMP Webmail Client version 4.1.5
Horde Application Framework version 3.1.5
Horde Groupware Webmail Edition version 1.0.3

Description
The issue allows remote attackers to delete arbitrary e-mail messages via a modified numeric ID or "purge" deleted emails via a crafted email message, due to the lack of validation of unspecified HTTP requests.

Recommendations
For IMP Webmail Client version 4.1.5, update to a version that includes input validation for HTTP requests. For Horde Application Framework version 3.1.5, implement proper validation of HTTP requests to prevent unauthorized actions. For Horde Groupware Webmail Edition version 1.0.3, restrict access to email management functions until a fix is applied that validates HTTP requests.

Fix

Weakness Enumeration

Related Identifiers

CVE-2007-6018
DSA-1470-1

Affected Products

Horde Application Framework
Horde Groupware Webmail Edition
Imp Webmail Client