Описание
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-6018
- https://bugzilla.redhat.com/show_bug.cgi?id=428625
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39595
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html
- http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h
- http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h
- http://lists.horde.org/archives/announce/2008/000360.html
- http://lists.horde.org/archives/announce/2008/000365.html
- http://lists.horde.org/archives/announce/2008/000366.html
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://secunia.com/advisories/28020
- http://secunia.com/advisories/28546
- http://secunia.com/advisories/29184
- http://secunia.com/advisories/29185
- http://secunia.com/advisories/29186
- http://secunia.com/advisories/34418
- http://secunia.com/secunia_research/2007-102/advisory
- http://www.debian.org/security/2008/dsa-1470
- http://www.securityfocus.com/bid/27223
EPSS
CVE ID
Связанные уязвимости
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...
EPSS