CVE-2013-6028: CSRF
First published: Sun Jan 12 2014(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phlymail | <=7.1.6 | |
| Phlymail | =6.3.0 | |
| Phlymail | =6.3.1 | |
| Phlymail | =6.3.2 | |
| Phlymail | =6.3.3 | |
| Phlymail | =6.3.4 | |
| Phlymail | =6.3.5 | |
| Phlymail | =6.3.6 | |
| Phlymail | =6.4.0 | |
| Phlymail | =6.4.1 | |
| Phlymail | =6.4.2 | |
| Phlymail | =6.5.0 | |
| Phlymail | =6.6.0 | |
| Phlymail | =6.6.1 | |
| Phlymail | =6.6.2 | |
| Phlymail | =6.6.3 | |
| Phlymail | =6.6.4 | |
| Phlymail | =6.20.4 | |
| Phlymail | =6.20.5 | |
| Phlymail | =6.20.6 | |
| Phlymail | =6.20.7 | |
| Phlymail | =6.20.8 | |
| Phlymail | =6.20.10 | |
| Phlymail | =6.20.11 | |
| Phlymail | =6.20.12 | |
| Phlymail | =6.20.13 | |
| Phlymail | =7.1.0 | |
| Phlymail | =7.1.1 | |
| Phlymail | =7.1.2 | |
| Phlymail | =7.1.3 | |
| Phlymail | =7.1.4 | |
| Phlymail | =7.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-6028?
CVE-2013-6028 is considered a critical severity vulnerability due to its potential for cross-site request forgery, allowing unauthorized actions on behalf of administrators.
How do I fix CVE-2013-6028?
To fix CVE-2013-6028, update the Atmail Webmail Server to version 7.2 or later, which addresses these CSRF vulnerabilities.
What actions can attackers perform through CVE-2013-6028?
Attackers can use CVE-2013-6028 to hijack administrator accounts and perform actions such as adding, modifying, or deleting user accounts, as well as stopping the product's service.
Which versions of Atmail Webmail Server are affected by CVE-2013-6028?
CVE-2013-6028 affects Atmail Webmail Server versions prior to 7.2, including several versions in the 6.x and 7.1.x series.
What are the implications of CVE-2013-6028 for users?
Users of affected Atmail Webmail Server versions are at significant risk, as the vulnerability allows for full administrative control to be compromised by malicious actors.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atmail
- canonical/phlymail
- version/phlymail/7.1.6
- version/phlymail/6.3.0
- version/phlymail/6.3.1
- version/phlymail/6.3.2
- version/phlymail/6.3.3
- version/phlymail/6.3.4
- version/phlymail/6.3.5
- version/phlymail/6.3.6
- version/phlymail/6.4.0
- version/phlymail/6.4.1
- version/phlymail/6.4.2
- version/phlymail/6.5.0
- version/phlymail/6.6.0
- version/phlymail/6.6.1
- version/phlymail/6.6.2
- version/phlymail/6.6.3
- version/phlymail/6.6.4
- version/phlymail/6.20.4
- version/phlymail/6.20.5
- version/phlymail/6.20.6
- version/phlymail/6.20.7
- version/phlymail/6.20.8
- version/phlymail/6.20.10
- version/phlymail/6.20.11
- version/phlymail/6.20.12
- version/phlymail/6.20.13
- version/phlymail/7.1.0
- version/phlymail/7.1.1
- version/phlymail/7.1.2
- version/phlymail/7.1.3
- version/phlymail/7.1.4
- version/phlymail/7.1.5