CVE-2007-6018
Published 2008-01-11
Priority P428 · medium · 5.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS: 1.77% (75.4th percentile)
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 do not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| horde | framework | — | — |
| horde | groupware_webmail_edition | — | — |
| horde | horde | — | — |
| horde | imp | — | — |
CVSS provenance
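| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| vendor_redhat | — | 5.8 | MEDIUM | — |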
Red Hat
horde: input validation vulnerabilities
vendor_redhat·2008-01-10·CVSS 5.8
CVE-2007-6018 [MEDIUM] CWE-20 horde: input validation vulnerabilities
GHSA
GHSA-cg63-j5p8-vpwf: IMP Webmail Client 4
ghsa_unreviewed·2022-05-01
CVE-2007-6018 [MEDIUM] GHSA-cg63-j5p8-vpwf: IMP Webmail Client 4
No detection rules found.
No public exploits indexed.
http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h
http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h
http://lists.horde.org/archives/announce/2008/000360.html
http://lists.horde.org/archives/announce/2008/000365.html
http://lists.horde.org/archives/announce/2008/000366.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/28020
http://secunia.com/advisories/28546
http://secunia.com/advisories/29184
http://secunia.com/advisories/29185
http://secunia.com/advisories/29186
http://secunia.com/advisories/34418
http://secunia.com/secunia_research/2007-102/advisory/
http://www.debian.org/security/2008/dsa-1470
http://www.securityfocus.com/bid/27223
https://bugzilla.redhat.com/show_bug.cgi?id=428625
https://exchange.xforce.ibmcloud.com/vulnerabilities/39595
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html
Published: 2008-01-11