{"vuid":"VU#571584","idnumber":"571584","name":"Google Gmail cross-site request forgery vulnerability","keywords":["Cross-site request forgery","XSRF","multipart/form-data POST"],"overview":"According to public reports, Google Gmail contained a cross-site request forgery (XSRF) vulnerability that allowed attackers to create email filters that could forward mail and attachments to arbitrary email addresses.","clean_desc":"Google Gmail is a web-based mail service. Gmail provides support for email filters that allow users to sort and forward mail. According to a report on the GNUCITIZEN site, Gmail contained a cross-site request forgery (XSRF) vulnerability that allowed attackers to create mail filters and forward mail to arbitrary email addresses. To exploit this vulnerability, an attacker would have had to convince a user to click or open a specially crafted hyperlink while the user was logged into their Gmail account. The hyperlink would have contained an HTTP POST request that created the mail filter.","impact":"A remote attacker could have collected email addresses, emails, and attachments from a user's Gmail account.","resolution":"According to publicly available reports, Google has addressed this vulnerability.","workarounds":"The following workarounds may partially mitigate future cross-site scripting (XSS) and XSRF vulnerabilities: Workarounds for users\nUsing Gmail's SMTP and POP or IMAP servers to send and receive mail will mitigate vulnerabilities in the Gmail web interface. The NoScript Firefox extension may mitigate XSRF and XSS vulnerabilities by restricting which sites can execute JavaScript and send cross-site POST requests. Encrypting sensitive emails and attachments will limit the impact of XSRF or other authentication bypass vulnerabilities. Workarounds for administrators\nBlacklisting known XSS or XSRF exploit URLs using proxy server or application firewall rules at the network perimeter may prevent some vulnerabilities from being exploited.\nNote that this workaround will not stop all known XSS or XSRF attack vectors.","sysaffected":"","thanks":"Information about this vulnerability was disclosed on the \nGNUCITIZEN\n web site.","author":"This document was written by Ryan Giobbi.","public":["http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/","http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html","http://mail.google.com/support/bin/answer.py?hl=en&answer=13273","http://noscript.net/","http://www.cert.org/homeusers/email_postcard.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-09-27T18:00:06Z","publicdate":"2007-09-25T00:00:00Z","datefirstpublished":"2007-10-01T15:30:17Z","dateupdated":"2008-02-12T11:44:42Z","revision":19,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"19","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"2","cam_attackeraccessrequired":"5","cam_scorecurrent":"0.7875","cam_scorecurrentwidelyknown":"0.825","cam_scorecurrentwidelyknownexploited":"1.575","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.7875,"vulnote":null}