Published: 09/11/2010 Updated: 12/07/2011

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Horde Application Framework

Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework prior to 3.3.9 allows remote malicious users to hijack the authentication of unspecified victims for requests to a preference form.

Vulnerable Product	Search on Vulmon	Subscribe to Product
horde horde application framework 1.0.3
horde horde application framework 1.1.1
horde horde application framework 2.0
horde horde application framework 2.1
horde horde application framework 2.2.7
horde horde application framework 2.2.8
horde horde application framework 3.0.3
horde horde application framework 3.0.9
horde horde application framework 3.1.3
horde horde application framework 3.1.4
horde horde application framework 3.2.1
horde horde application framework 3.2.3
horde horde application framework 3.3.5
horde horde application framework 3.3.6
horde horde application framework 3.1.8
horde horde application framework 3.0.5
horde horde application framework 3.2
horde horde application framework 3.0.8
horde horde application framework 1.3.3
horde horde application framework 1.3.4
horde horde application framework 2.2
horde horde application framework 2.2.1
horde horde application framework 2.2.9
horde horde application framework 3.0
horde horde application framework 3.0.10
horde horde application framework 3.0.11
horde horde application framework 3.1.5
horde horde application framework 3.1.6
horde horde application framework 3.1.7
horde horde application framework 3.2.4
horde horde application framework 3.3
horde horde application framework 3.3.7
horde horde application framework
horde horde application framework 2.2.6
horde horde application framework 3.0.4
horde horde application framework 3.3.4
horde horde application framework 1.3.2
horde horde application framework 1.3.5
horde horde application framework 2.2.5
horde horde application framework 3.0.1
horde horde application framework 3.0.2
horde horde application framework 3.1.1
horde horde application framework 3.1.2
horde horde application framework 3.3.3
horde horde application framework 3.2.2
horde horde application framework 3.0.6
horde horde application framework 3.1
horde horde application framework 1.3.0
horde horde application framework 1.3.1
horde horde application framework 2.2.3
horde horde application framework 2.2.2
horde horde application framework 2.2.4
horde horde application framework 3.0.12
horde horde application framework 3.1.9
horde horde application framework 3.3.1
horde horde application framework 3.3.2
horde horde application framework 3.2.5
horde horde application framework 3.0.7

It was discovered that horde3, the horde web application framework, is prone to a cross-site scripting attack and a cross-site request forgery For the oldstable distribution (lenny), these problems have been fixed in version 322+debian0-2+lenny3 For the stable distribution (squeeze), these problems have been fixed in version 338+debian0-2, wh ...

CWE-352 http://lists.horde.org/archives/announce/2010/000557.html https://bugzilla.redhat.com/show_bug.cgi?id=630687 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html http://secunia.com/advisories/42140 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html https://nvd.nist.gov https://www.debian.org/security/./dsa-2278

CVE-2010-3694

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect