Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
NameCVE-2010-3694First vendor Publication2010-11-09
VendorCveLast vendor Modification2011-07-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3694

CWE : Common Weakness Enumeration

100 %CWE-352Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12816
Oval ID: oval:org.mitre.oval:def:12816
Title: DSA-2278-1 horde3 -- several
Description: It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery.
Family: unix Class: patch
Reference(s): DSA-2278-1
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): horde3
Definition Synopsis:

CPE : Common Platform Enumeration


OpenVAS Exploits

2011-08-03Name : Debian Security Advisory DSA 2278-1 (horde3)
File : nvt/deb_2278_1.nasl
2010-12-02Name : Fedora Update for horde FEDORA-2010-16525
File : nvt/gb_fedora_2010_16525_horde_fc14.nasl
2010-11-16Name : Fedora Update for horde FEDORA-2010-16555
File : nvt/gb_fedora_2010_16555_horde_fc13.nasl
2010-11-16Name : Fedora Update for horde FEDORA-2010-16592
File : nvt/gb_fedora_2010_16592_horde_fc12.nasl
2010-09-07Name : Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerabi...
File : nvt/gb_horde_43001.nasl

Open Source Vulnerability Database (OSVDB)

69159Horde Application Framework Preference Form CSRF
65089Horde Groupware / Horde Groupware Webmail Edition Unspecified CSRF

Nessus® Vulnerability Scanner

2011-07-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2278.nasl - Type : ACT_GATHER_INFO
2010-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2010-16525.nasl - Type : ACT_GATHER_INFO
2010-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2010-16555.nasl - Type : ACT_GATHER_INFO
2010-11-05Name : The remote Fedora host is missing a security update.
File : fedora_2010-16592.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=630687
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05040...
MLIST http://lists.horde.org/archives/announce/2010/000557.html

Alert History

If you want to see full details history, please login or register.
2016-04-26 20:08:45
  • Multiple Updates
2014-02-17 10:57:47
  • Multiple Updates
2013-05-10 23:34:06
  • Multiple Updates