5.8

CVE-2007-6018

EPSS 1.15%
Veröffentlicht 11.01.2008 02:46:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle PSIRT-CNA@flexerasoftware.com
Teams Watchlist Login
Unerledigt Login

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Horde ≫ Framework Version3.1.5

Horde ≫ Groupware Webmail Edition Version1.0.3

Horde ≫ Horde Version3.1.5

Horde ≫ Imp Version4.1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.15%	0.765

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h

http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h

http://lists.horde.org/archives/announce/2008/000360.html

http://lists.horde.org/archives/announce/2008/000365.html

http://lists.horde.org/archives/announce/2008/000366.html

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

http://secunia.com/advisories/28020

Vendor Advisory

http://secunia.com/advisories/28546

http://secunia.com/advisories/29184

http://secunia.com/advisories/29185

http://secunia.com/advisories/29186

http://secunia.com/advisories/34418

http://secunia.com/secunia_research/2007-102/advisory/

Vendor Advisory

http://www.debian.org/security/2008/dsa-1470

http://www.securityfocus.com/bid/27223

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=428625

https://exchange.xforce.ibmcloud.com/vulnerabilities/39595

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html

https://nvd.nist.gov/vuln/detail/CVE-2007-6018

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6018

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6018

EUVD