Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2014-9587
Last Modified 16 Jan 2015 12:19:05
Published 15 Jan 2015 10:59:21
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9587

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.

Vulnerable Systems

Application

  • Roundcube Webmail 1.0.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1179780

MISC - https://bugs.gentoo.org/show_bug.cgi?id=534766

BID - 71909

MLIST - [oss-security] 20150111 Re: CVE request: roundcubemail: possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins

CONFIRM - http://roundcube.net/news/2014/12/18/update-1.0.4-released/


Last Updated: 27 May 2016 11:07:34