Executive Summary

Informations
NameCVE-2010-3694First vendor Publication2010-11-09
VendorCveLast vendor Modification2011-07-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3694

CWE : Common Weakness Enumeration

idName
CWE-352Cross-Site Request Forgery (CSRF)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application84

OpenVAS Exploits

DateDescription
2011-08-03Name : Debian Security Advisory DSA 2278-1 (horde3)
File : nvt/deb_2278_1.nasl
2010-12-02Name : Fedora Update for horde FEDORA-2010-16525
File : nvt/gb_fedora_2010_16525_horde_fc14.nasl
2010-11-16Name : Fedora Update for horde FEDORA-2010-16555
File : nvt/gb_fedora_2010_16555_horde_fc13.nasl
2010-11-16Name : Fedora Update for horde FEDORA-2010-16592
File : nvt/gb_fedora_2010_16592_horde_fc12.nasl
2010-09-07Name : Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerabi...
File : nvt/gb_horde_43001.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
69159Horde Application Framework Preference Form CSRF
65089Horde Groupware / Horde Groupware Webmail Edition Unspecified CSRF

Nessus® Vulnerability Scanner

DateDescription
2011-07-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2278.nasl - Type : ACT_GATHER_INFO
2010-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2010-16525.nasl - Type : ACT_GATHER_INFO
2010-11-07Name : The remote Fedora host is missing a security update.
File : fedora_2010-16555.nasl - Type : ACT_GATHER_INFO
2010-11-05Name : The remote Fedora host is missing a security update.
File : fedora_2010-16592.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=630687
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/05040...
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05042...
MLISThttp://lists.horde.org/archives/announce/2010/000557.html
SECUNIAhttp://secunia.com/advisories/42140

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:57:47
  • Multiple Updates
2013-05-10 23:34:06
  • Multiple Updates