Home > Vulnerability Database > CVE-2007-6018

Mend.io Vulnerability Database

CVE-2007-6018

Date: January 10, 2008

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

Severity Score

4.8

Related Resources (22)

Url: http://secunia.com/advisories/29186

Url: http://secunia.com/advisories/28020

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/39595

Url: http://secunia.com/advisories/34418

Url: http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h

Url: http://secunia.com/advisories/29184

Url: http://secunia.com/advisories/29185

Url: http://secunia.com/secunia_research/2007-102/advisory/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6018

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html

Url: http://lists.horde.org/archives/announce/2008/000366.html

Url: http://www.debian.org/security/2008/dsa-1470

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-6018

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html

Url: http://www.securityfocus.com/bid/27223

Url: http://secunia.com/advisories/28546

Url: http://lists.horde.org/archives/announce/2008/000360.html

Url: http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h

Url: https://bugzilla.redhat.com/show_bug.cgi?id=428625

Url: http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

Url: http://lists.horde.org/archives/announce/2008/000365.html

Url: https://www.mend.io/vulnerability-database/CVE-2007-6018

Severity Score

4.8

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-6018

Date: January 10, 2008

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?