Executive Summary
This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information | |||
---|---|---|---|
Name | CVE-2010-3694 | First vendor Publication | 2010-11-09 |
Vendor | Cve | Last vendor Modification | 2011-07-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3694 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12816 | |||
Oval ID: | oval:org.mitre.oval:def:12816 | ||
Title: | DSA-2278-1 horde3 -- several | ||
Description: | It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2278-1 CVE-2010-3077 CVE-2010-3694 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | horde3 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-03 | Name : Debian Security Advisory DSA 2278-1 (horde3) File : nvt/deb_2278_1.nasl |
2010-12-02 | Name : Fedora Update for horde FEDORA-2010-16525 File : nvt/gb_fedora_2010_16525_horde_fc14.nasl |
2010-11-16 | Name : Fedora Update for horde FEDORA-2010-16555 File : nvt/gb_fedora_2010_16555_horde_fc13.nasl |
2010-11-16 | Name : Fedora Update for horde FEDORA-2010-16592 File : nvt/gb_fedora_2010_16592_horde_fc12.nasl |
2010-09-07 | Name : Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerabi... File : nvt/gb_horde_43001.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69159 | Horde Application Framework Preference Form CSRF |
65089 | Horde Groupware / Horde Groupware Webmail Edition Unspecified CSRF Horde Groupware 1.2.6 and Horde Groupware Webmail Edition 1.2.6 contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The applications allow users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change certain settings by tricking a logged-in user into visiting a specially crafted website. The vulnerability is confirmed in Horde Groupware 1.2.6 and Horde Groupware Webmail Edition 1.2.6. Other versions may also be affected. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-07-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2278.nasl - Type : ACT_GATHER_INFO |
2010-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16525.nasl - Type : ACT_GATHER_INFO |
2010-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16555.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16592.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Information |
---|---|
2021-05-05 01:07:28 | |
2021-05-04 12:12:31 | |
2021-04-22 01:13:15 | |
2020-05-23 01:42:47 | |
2020-05-23 00:26:37 | |
2016-04-26 20:08:45 | |
2014-02-17 10:57:47 | |
2013-05-10 23:34:06 | |