HIO-2010-0514 Horde Web Mail CSRF Vulnerability

Horde Groupware Webmail is vulnerable to cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests, sent for example to services/prefs.php for account privileges, without performing any validity checks to verify the request. This can be exploited to, for example, conduct script-insertion attacks and change certain settings by tricking an administrator into visiting a malicious website.
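A log-review check for the behaviour described above, added here as an example and not part of the original advisory or of Horde: it flags requests to services/prefs.php whose Referer points at another site, plus POSTs that carry no Referer at all. The combined access-log format, the /horde mount path, the host name mail.example.org and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines; hosts, paths and addresses are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - admin [14/May/2010:10:01:12 +0000] "POST /horde/services/prefs.php HTTP/1.1" '
    '200 5120 "https://mail.example.org/horde/services/prefs.php?app=horde" "Mozilla/5.0"',
    '192.0.2.10 - admin [14/May/2010:10:07:45 +0000] "POST /horde/services/prefs.php HTTP/1.1" '
    '200 5130 "http://other-site.example/page.html" "Mozilla/5.0"',
    '192.0.2.22 - - [14/May/2010:10:09:03 +0000] "POST /horde/services/prefs.php HTTP/1.1" '
    '200 5090 "-" "Mozilla/5.0"',
    '192.0.2.31 - - [14/May/2010:10:11:30 +0000] "GET /horde/imp/mailbox.php HTTP/1.1" '
    '200 20480 "http://other-site.example/" "Mozilla/5.0"',
]

def suspicious_prefs_requests(lines, own_hosts, endpoint="/services/prefs.php"):
    """Return (timestamp, client_ip, method, reason, referer_host) tuples."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Skip unparseable lines and requests to other endpoints.
        if not m or not urlsplit(m["path"]).path.endswith(endpoint):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            # A missing Referer proves nothing by itself; flag POSTs for manual review.
            if m["method"] == "POST":
                hits.append((m["ts"], m["ip"], m["method"], "missing-referer", ""))
            continue
        host = (urlsplit(referer).hostname or "").lower()
        if host not in own:
            # The request was initiated from a page on a different site.
            hits.append((m["ts"], m["ip"], m["method"], "foreign-referer", host))
    return hits

if __name__ == "__main__":
    for hit in suspicious_prefs_requests(SAMPLE_LOG, {"mail.example.org"}):
        print(hit)
```

Referer headers can be stripped by browsers and proxies, so the output is a triage list for review; the missing validity check itself has to be fixed in the application.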

 

References:

CVE-2010-pending

BID:

FrSIRT: N/A

Nessus: N/A

OSVDB: 65089

SA: 39860  

XF: 

Related: 

Vendor Solution:


 