CVE-2010-3694
First published: Tue Nov 09 2010(Updated: )
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Horde Application Framework | =3.0.11 | |
| Horde Horde Application Framework | =2.0-rc3 | |
| Horde Horde Application Framework | =3.2.3 | |
| Horde Horde Application Framework | =2.0 | |
| Horde Horde Application Framework | =3.0-rc3 | |
| Horde Horde Application Framework | =3.3.4-rc1 | |
| Horde Horde Application Framework | =3.2 | |
| Horde Horde Application Framework | =3.1.4-rc1 | |
| Horde Horde Application Framework | =2.2.5 | |
| Horde Horde Application Framework | =3.1 | |
| Horde Horde Application Framework | =3.0-rc1 | |
| Horde Horde Application Framework | =3.0.4 | |
| Horde Horde Application Framework | =3.0.6-rc1 | |
| Horde Horde Application Framework | =3.1.9 | |
| Horde Horde Application Framework | =3.1-rc2 | |
| Horde Horde Application Framework | =3.0 | |
| Horde Horde Application Framework | =3.1.8 | |
| Horde Horde Application Framework | =3.1.2 | |
| Horde Horde Application Framework | =2.2.9 | |
| Horde Horde Application Framework | =2.2.3 | |
| Horde Horde Application Framework | =2.0-rc1 | |
| Horde Horde Application Framework | =3.2-alpha | |
| Horde Horde Application Framework | =1.3.3 | |
| Horde Horde Application Framework | =3.0.5 | |
| Horde Horde Application Framework | =1.3.1 | |
| Horde Horde Application Framework | =3.0.10 | |
| Horde Horde Application Framework | =3.0.1 | |
| Horde Horde Application Framework | =3.0-rc2 | |
| Horde Horde Application Framework | =3.3.7 | |
| Horde Horde Application Framework | =3.0.4-rc1 | |
| Horde Horde Application Framework | =2.2.8 | |
| Horde Horde Application Framework | =3.1-rc1 | |
| Horde Horde Application Framework | =2.2.6 | |
| Horde Horde Application Framework | =3.3 | |
| Horde Horde Application Framework | =3.2-rc4 | |
| Horde Horde Application Framework | =3.1.1 | |
| Horde Horde Application Framework | =3.0.8 | |
| Horde Horde Application Framework | =1.3.2 | |
| Horde Horde Application Framework | =3.1.7 | |
| Horde Horde Application Framework | =3.1.5 | |
| Horde Horde Application Framework | =3.3.2 | |
| Horde Horde Application Framework | =2.2.7 | |
| Horde Horde Application Framework | =3.0.3 | |
| Horde Horde Application Framework | =3.2-rc1 | |
| Horde Horde Application Framework | =3.3-rc1 | |
| Horde Horde Application Framework | =3.0.6 | |
| Horde Horde Application Framework | =3.2-rc3 | |
| Horde Horde Application Framework | =3.1-rc3 | |
| Horde Horde Application Framework | =3.0.4-rc2 | |
| Horde Horde Application Framework | =2.2.6-rc1 | |
| Horde Horde Application Framework | =1.3.0 | |
| Horde Horde Application Framework | <=3.3.8 | |
| Horde Horde Application Framework | =3.0.5-rc2 | |
| Horde Horde Application Framework | =2.2 | |
| Horde Horde Application Framework | =3.3.4 | |
| Horde Horde Application Framework | =3.0-alpha | |
| Horde Horde Application Framework | =1.3.5 | |
| Horde Horde Application Framework | =2.2.1 | |
| Horde Horde Application Framework | =3.3.5 | |
| Horde Horde Application Framework | =3.2.1 | |
| Horde Horde Application Framework | =2.2.2 | |
| Horde Horde Application Framework | =3.2.5 | |
| Horde Horde Application Framework | =3.3.1 | |
| Horde Horde Application Framework | =3.2.2 | |
| Horde Horde Application Framework | =3.0-beta | |
| Horde Horde Application Framework | =3.0.9 | |
| Horde Horde Application Framework | =3.3.6 | |
| Horde Horde Application Framework | =1.3.4 | |
| Horde Horde Application Framework | =3.0.12 | |
| Horde Horde Application Framework | =3.1.3 | |
| Horde Horde Application Framework | =3.1.6 | |
| Horde Horde Application Framework | =2.2.4 | |
| Horde Horde Application Framework | =1.1.1 | |
| Horde Horde Application Framework | =3.2.4 | |
| Horde Horde Application Framework | =3.0.7 | |
| Horde Horde Application Framework | =3.0.5-rc1 | |
| Horde Horde Application Framework | =2.0-rc4 | |
| Horde Horde Application Framework | =3.1.4 | |
| Horde Horde Application Framework | =3.3.3 | |
| Horde Horde Application Framework | =3.2-rc2 | |
| Horde Horde Application Framework | =2.1 | |
| Horde Horde Application Framework | =3.0.2 | |
| Horde Horde Application Framework | =3.0.3-rc1 | |
| Horde Horde Application Framework | =1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.horde.org/archives/announce/2010/000557.html
- https://bugzilla.redhat.com/show_bug.cgi?id=630687
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050423.html
- http://secunia.com/advisories/42140
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050408.html
Frequently Asked Questions
What is the severity of CVE-2010-3694?
The severity of CVE-2010-3694 is rated as medium, with a score of 6.8.
How do I fix CVE-2010-3694?
To fix CVE-2010-3694, you should update to a patched version of the Horde Application Framework, specifically version 3.3.9 or later.
What type of vulnerability is CVE-2010-3694?
CVE-2010-3694 is classified as a Cross-Site Request Forgery (CSRF) vulnerability.
Which version of Horde is affected by CVE-2010-3694?
CVE-2010-3694 affects Horde Application Framework versions prior to 3.3.9.
What does CVE-2010-3694 allow attackers to do?
CVE-2010-3694 allows remote attackers to hijack the authentication of users for requests to a preference form.
- collector/nvd-historical
- collector/nvd-index
- vendor/horde
- product/horde application framework
- canonical/horde horde application framework