1. Home
  2. CVE Database
  3. CVE-2007-6018
MEDIUM · 5.8

CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrar...

Vulnerability Description

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:N
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
HordeFramework3.1.5
HordeGroupware Webmail Edition1.0.3
HordeHorde3.1.5
HordeImp4.1.5

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2007-6018?

CVE-2007-6018 is a vulnerability with a CVSS score of 5.8 (MEDIUM). IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrar...

How severe is CVE-2007-6018?

CVE-2007-6018 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-6018?

Check the references section above for vendor advisories and patch information. Affected products include: Horde Framework, Horde Groupware Webmail Edition, Horde Horde, Horde Imp.