Vulnerability Name:

CVE-2013-6275 (CCN-88321)

Assigned:2013-10-27
Published:2013-10-27
Updated:2020-08-18
Summary:Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-352
Vulnerability Consequences:Cross-Site Scripting
References:Source: CCN
Type: BugTraq Mailing List, Sun Oct 27 2013 - 21:45:59 CDT
Multiple CSRF Horde Groupware Web mail Edition 5.1.2

Source: MISC
Type: Broken Link
http://archives.neohapsis.com/archives/bugtraq/2013-10/0134.html

Source: CCN
Type: Horde GIT Repository Web Site
Several Cross Site Request Forgery in Rule Section

Source: MITRE
Type: CNA
CVE-2013-6275

Source: CCN
Type: SA55455
Ingo Rules Section Cross-Site Request Forgery Vulnerability

Source: CCN
Type: SA55503
Horde Groupware / Groupware Webmail Edition Cross-Site Scripting and Request Forgery Vulnerabilities

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://www.exploit-db.com/exploits/29274

Source: CCN
Type: Horde Groupware Webmail Edition Web Site
Horde Groupware Webmail Edition

Source: CCN
Type: BID-63377
Horde Groupware Webmail Edition CVE-2013-6275 Multiple Cross Site Request Forgery Vulnerabilities

Source: MISC
Type: Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/63377

Source: MISC
Type: Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1029285

Source: MISC
Type: Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-6275

Source: MISC
Type: Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/88321

Source: XF
Type: UNKNOWN
hordegroupware-cve20136275-csrf(88321)

Source: CCN
Type: Packet Storm Security [10-27-2013]
Horde Groupware Web Mail 5.1.2 Cross Site Request Forgery

Source: MISC
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2013-6275

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-29-2013]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:horde:groupware:*:*:*:*:webmail:*:*:* (Version <= 5.1.2)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:horde:groupware:5.1.2:*:*:*:webmail:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.xenial:def:201362750000000
    V
    		CVE-2013-6275 on Ubuntu 16.04 LTS (xenial) - low.
    2019-11-05
    oval:com.ubuntu.precise:def:20136275000
    V
    		CVE-2013-6275 on Ubuntu 12.04 LTS (precise) - low.
    2013-11-04
    oval:com.ubuntu.trusty:def:20136275000
    V
    		CVE-2013-6275 on Ubuntu 14.04 LTS (trusty) - low.
    2013-11-04
    oval:com.ubuntu.xenial:def:20136275000
    V
    		CVE-2013-6275 on Ubuntu 16.04 LTS (xenial) - low.
    2013-11-04
    BACK
    horde groupware *
    debian debian linux 8.0
    debian debian linux 9.0
    debian debian linux 10.0
    horde groupware 5.1.2