CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

Published: 2008-01-11 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2007-6018 is rated Moderate Risk (51.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.40%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2007-6018

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-03-28 1.31% 1.40% +0.09%
2 2026-02-05 1.15% 1.31% +0.16%
3 2025-03-30 1.15%

Full EPSS history (15 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2007-6018

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 8.6 4.9 [email protected]

Weakness enumeration for CVE-2007-6018

OS Trackers for CVE-2007-6018

vendor priority summary link
gentoo normal CVE-2007-6018: 1 GLSA(s) (200802-03), 1 atom(s) (www-apps/horde-imp); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2007-6018
redhat high https://access.redhat.com/security/cve/CVE-2007-6018
ubuntu medium CVE-2007-6018 medium priority: Ubuntu including 2 source packages (horde3, imp4), 18 status rows across 9 suites (dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, upstream): not-affected 8, ignored 4, released 4, needs-triage 2. https://ubuntu.com/security/CVE-2007-6018

Affected software / configurations for CVE-2007-6018

Vendor Product Version Raw CPE
horde framework 3.1.5 cpe:2.3:a:horde:framework:3.1.5:*:*:*:*:*:*:*
horde groupware_webmail_edition 1.0.3 cpe:2.3:a:horde:groupware_webmail_edition:1.0.3:*:*:*:*:*:*:*
horde horde 3.1.5 cpe:2.3:a:horde:horde:3.1.5:*:*:*:*:*:*:*
horde imp 4.1.5 cpe:2.3:a:horde:imp:4.1.5:*:*:*:*:*:*:*

References for CVE-2007-6018

URL Tags
http://cvs.horde.org/diff.php/groupware/docs/groupware/CHANGES?r1=1.17&r2=1.17.2.1&ty=h
http://cvs.horde.org/diff.php/groupware/docs/webmail/CHANGES?r1=1.12&r2=1.12.2.1&ty=h
http://lists.horde.org/archives/announce/2008/000360.html
http://lists.horde.org/archives/announce/2008/000365.html
http://lists.horde.org/archives/announce/2008/000366.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/28020 Vendor Advisory
http://secunia.com/advisories/28546
http://secunia.com/advisories/29184
http://secunia.com/advisories/29185
http://secunia.com/advisories/29186
http://secunia.com/advisories/34418
http://secunia.com/secunia_research/2007-102/advisory/ Vendor Advisory
http://www.debian.org/security/2008/dsa-1470
http://www.securityfocus.com/bid/27223 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=428625
https://exchange.xforce.ibmcloud.com/vulnerabilities/39595
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00888.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00927.html
cvelogic Threat Intelligence