PT-2008-1531 · Horde · Imp Webmail Client+2

Tomas Hoger · Published 2008-01-11 · Updated 2017-07-29 · CVE-2007-6018

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IMP Webmail Client version 4.1.5
Horde Application Framework version 3.1.5
Horde Groupware Webmail Edition version 1.0.3

Description

The issue allows remote attackers to delete arbitrary e-mail messages via a modified numeric ID or "purge" deleted emails via a crafted email message, due to the lack of validation of unspecified HTTP requests.

Recommendations

For IMP Webmail Client version 4.1.5, update to a version that includes input validation for HTTP requests.
For Horde Application Framework version 3.1.5, implement proper validation of HTTP requests to prevent unauthorized actions.
For Horde Groupware Webmail Edition version 1.0.3, restrict access to email management functions until a fix is applied that validates HTTP requests.

Fix

Weakness Enumeration

Related Identifiers

CVE-2007-6018
DSA-1470-1

Affected Products

Horde Application Framework
Horde Groupware Webmail Edition
Imp Webmail Client