Vulnerability Name:

CVE-2010-3694 (CCN-62120)

Assigned:2010-09-28
Published:2010-09-28
Updated:2011-07-12
Summary:Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-352
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-3694

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-16592

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-16555

Source: MLIST
Type: Patch
[announce] 20100928 Horde 3.3.9 (final)

Source: CCN
Type: Horde Web Site
Horde Groupware Webmail Edition 1.2.7 (final)

Source: CCN
Type: SA41579
Horde Groupware Webmail Edition Two Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
42140

Source: DEBIAN
Type: DSA-2278
horde3 -- several vulnerabilities

Source: CCN
Type: Horde Groupware Webmail Web site
Horde Groupware Webmail Edition

Source: CCN
Type: OSVDB ID: 65089
Horde Groupware / Horde Groupware Webmail Edition Unspecified CSRF

Source: CCN
Type: OSVDB ID: 69159
Horde Application Framework Preference Form CSRF

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=630687

Source: XF
Type: UNKNOWN
horde-groupwarewebmail-iconbrowser-csrf(62120)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:horde:horde_application_framework:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0:beta:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.4:rc2:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.5:rc2:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1:rc3:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2:alpha:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2:rc4:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:3.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:horde:horde_application_framework:*:*:*:*:*:*:*:* (Version <= 3.3.8)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:12816
    P
    		DSA-2278-1 horde3 -- several
    2014-06-23
    oval:com.ubuntu.precise:def:20103694000
    V
    		CVE-2010-3694 on Ubuntu 12.04 LTS (precise) - medium.
    2010-11-09
    BACK
    horde horde application framework 1.0.3
    horde horde application framework 1.1.1
    horde horde application framework 1.3.0
    horde horde application framework 1.3.1
    horde horde application framework 1.3.2
    horde horde application framework 1.3.3
    horde horde application framework 1.3.4
    horde horde application framework 1.3.5
    horde horde application framework 2.0
    horde horde application framework 2.0 rc1
    horde horde application framework 2.0 rc3
    horde horde application framework 2.0 rc4
    horde horde application framework 2.1
    horde horde application framework 2.2
    horde horde application framework 2.2.1
    horde horde application framework 2.2.2
    horde horde application framework 2.2.3
    horde horde application framework 2.2.4
    horde horde application framework 2.2.5
    horde horde application framework 2.2.6
    horde horde application framework 2.2.6 rc1
    horde horde application framework 2.2.7
    horde horde application framework 2.2.8
    horde horde application framework 2.2.9
    horde horde application framework 3.0
    horde horde application framework 3.0 alpha
    horde horde application framework 3.0 beta
    horde horde application framework 3.0 rc1
    horde horde application framework 3.0 rc2
    horde horde application framework 3.0 rc3
    horde horde application framework 3.0.1
    horde horde application framework 3.0.2
    horde horde application framework 3.0.3
    horde horde application framework 3.0.3 rc1
    horde horde application framework 3.0.4
    horde horde application framework 3.0.4 rc1
    horde horde application framework 3.0.4 rc2
    horde horde application framework 3.0.5
    horde horde application framework 3.0.5 rc1
    horde horde application framework 3.0.5 rc2
    horde horde application framework 3.0.6
    horde horde application framework 3.0.6 rc1
    horde horde application framework 3.0.7
    horde horde application framework 3.0.8
    horde horde application framework 3.0.9
    horde horde application framework 3.0.10
    horde horde application framework 3.0.11
    horde horde application framework 3.0.12
    horde horde application framework 3.1
    horde horde application framework 3.1 rc1
    horde horde application framework 3.1 rc2
    horde horde application framework 3.1 rc3
    horde horde application framework 3.1.1
    horde horde application framework 3.1.2
    horde horde application framework 3.1.3
    horde horde application framework 3.1.4
    horde horde application framework 3.1.4 rc1
    horde horde application framework 3.1.5
    horde horde application framework 3.1.6
    horde horde application framework 3.1.7
    horde horde application framework 3.1.8
    horde horde application framework 3.1.9
    horde horde application framework 3.2
    horde horde application framework 3.2 alpha
    horde horde application framework 3.2 rc1
    horde horde application framework 3.2 rc2
    horde horde application framework 3.2 rc3
    horde horde application framework 3.2 rc4
    horde horde application framework 3.2.1
    horde horde application framework 3.2.2
    horde horde application framework 3.2.3
    horde horde application framework 3.2.4
    horde horde application framework 3.2.5
    horde horde application framework 3.3
    horde horde application framework 3.3 rc1
    horde horde application framework 3.3.1
    horde horde application framework 3.3.2
    horde horde application framework 3.3.3
    horde horde application framework 3.3.4
    horde horde application framework 3.3.4 rc1
    horde horde application framework 3.3.5
    horde horde application framework 3.3.6
    horde horde application framework 3.3.7
    horde horde application framework *