|
|||
Rule General Information |
---|
Release Date: | 2014-01-17 | |
Rule Name: | Horde GroupWare Web Mail Edition CSRF Vulnerability (CVE-2013-6365) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Horde Turba contains a flaw as HTTP requests to /horde/turba/search.php do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. | |
Impact: | Remote code execution | |
Affected OS: | Windows, Other Unix, Linux | |
Reference: | CVE-2013-6365 |
|
Solutions |
---|
Update vendor's patch. |