|
IMP Mail Deletion Security Bypass Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA28020
|
|
|
Release Date:
|
2008-01-10
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Manipulation of data
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Horde Application Framework 3.x
Horde Groupware Webmail Edition 1.x
IMP Webmail Client 4.x
|
| | CVE reference: | CVE-2007-6018 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Secunia Research has discovered a vulnerability in IMP Webmail Client and Horde Groupware Webmail Edition, which can be exploited by malicious people to bypass certain security restrictions and manipulate data.
The HTML filter does not filter out <frame> and <frameset> HTML elements. Additionally, the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to (a) delete an arbitrary number of e-mail messages by referencing their numeric IDs and (b) purge deleted mails, when the victim opens a malicious HTML mail.
Successful exploitation requires that the victim opens the HTML part of a malicious message.
The vulnerability is confirmed in IMP version 4.1.5 with Horde version 3.1.5 and also reported in Horde Groupware Webmail Edition 1.0.3. Other versions may also be affected.
Solution:
Update to Horde version 3.1.6 or Horde Groupware Webmail Edition 1.0.4.
Provided and/or discovered by:
Ulf Harnhammar, Secunia Research.
Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2007-102/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
17 Related Secunia Security Advisories, displaying 10
|
|
|
1. Horde Products Cross-Site Scripting and Script Insertion
|
|
2. Horde "theme" Local File Inclusion Vulnerability
|
|
3. Multiple Horde Products Security Bypass
|
|
4. Multiple Horde Products Security Bypass
|
|
5. IMP Script Insertion and Cross-Site Scripting Vulnerabilities
|
|
6. Horde Language Selection Cross-Site Scripting Vulnerability
|
|
7. Horde IMP Folder Names Script Insertion Vulnerability
|
|
8. Horde Phishing and Cross-Site Scripting Vulnerabilities
|
|
9. Horde Cross-Site Scripting Vulnerabilities
|
|
10. Horde Cross-Site Scripting Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
