Executive Summary
Summary | |
---|---|
Title | Google Gmail cross-site request forgery vulnerability |
Information | |||
---|---|---|---|
Name | VU#571584 | First vendor Publication | 2007-10-01 |
Vendor | VU-CERT | Last vendor Modification | 2007-10-01 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Exploit Score | N/A | Authentication | N/A |
Detail
Vulnerability Note VU#571584
Google Gmail cross-site request forgery vulnerability

Overview
According to public reports, Google Gmail contained a cross-site request forgery (XSRF) vulnerability that allowed attackers to create email filters that could forward mail and attachments to arbitrary email addresses.

I. Description
Google Gmail is a web-based mail service. Gmail provides support for email filters that allow users to sort and forward mail.

According to a report on the GNUCITIZEN site, Gmail contained a cross-site request forgery (XSRF) vulnerability that allowed attackers to create mail filters and forward mail to arbitrary email addresses. To exploit this vulnerability, an attacker would have had to convince a user to click or open a specially crafted hyperlink while the user was logged into their Gmail account. The hyperlink would have contained an HTTP POST request that created the mail filter.

The following workarounds may partially mitigate future cross-site scripting (XSS) and XSRF vulnerabilities.
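
The flaw class described above exists because a browser attaches the user's session cookie to a cross-site POST, so the session alone does not prove the user intended the request. The sketch below is an added example, not part of the vulnerability note, its workarounds, or Google's code: it shows a server-side session-bound token check on a hypothetical filter-creation handler. The names `handle_create_filter`, `csrf_token`, `match` and `forward_to`, and all sample values, are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical per-deployment secret; a real service would load it from a key store.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Derive a token bound to one session. The site embeds it in forms it renders
    itself, so a page on another origin cannot read or predict it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, submitted) -> bool:
    """Constant-time comparison; a missing or non-string token is rejected."""
    if not isinstance(submitted, str):
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_create_filter(session_id: str, form: dict, filters: list) -> int:
    """Hypothetical state-changing handler. Returns an HTTP-style status code.

    session_id stands for the value recovered from the session cookie, which the
    browser sends on same-site and cross-site requests alike.
    """
    if not csrf_token_valid(session_id, form.get("csrf_token")):
        return 403  # valid session, but no proof the request came from our own form
    filters.append({"match": form["match"], "forward_to": form["forward_to"]})
    return 200


if __name__ == "__main__":
    sid = "constructed-session-1"  # constructed sample value
    stored = []
    # Constructed cross-site request: the cookie is present, the token is not.
    forged = {"match": "has:attachment", "forward_to": "collector@example.net"}
    print(handle_create_filter(sid, forged, stored), stored)
    # Constructed same-site request: the form carried the token issued for this session.
    legit = {"match": "from:boss", "forward_to": "me@example.org",
             "csrf_token": issue_csrf_token(sid)}
    print(handle_create_filter(sid, legit, stored), stored)
```
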
Systems Affected
References
Information about this vulnerability was disclosed on the GNUCITIZEN website. This document was written by Ryan Giobbi.
Original Source
Url : http://www.kb.cert.org/vuls/id/571584 |