Lucene search
HistoryJan 15, 2015 - 3:59 p.m.
CVE-2014-9587
cve-2014-9587
csrf
roundcube webmail
1.0.4
cross-site request forgery
authentication hijacking
vulnerabilities
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.6%
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Affected configurations
Node
roundcubewebmailRange≤1.0.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| roundcube:webmail | roundcube webmail | le | 1.0.3 |
Related
prion
prion
Cross site request forgery (csrf)
2015-01-15 15:59:00
debiancve
debiancve
CVE-2014-9587
2015-01-15 15:59:21
nessus
nessus
openSUSE Security Update : roundcubemail (openSUSE-SU-2015:0116-1)
2015-01-26 00:00:00
Debian DLA-613-1 : roundcube security update
2016-09-09 00:00:00
cvelist
cvelist
CVE-2014-9587
2015-01-15 15:00:00
nvd
nvd
CVE-2014-9587
2015-01-15 15:59:21
ubuntucve
ubuntucve
CVE-2014-9587
2015-01-15 00:00:00
osv
osv
roundcube - security update
2016-09-08 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-613-1)
2018-02-07 00:00:00
debian
debian
[SECURITY] [DLA 613-1] roundcube security update
2016-09-08 09:58:47
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.6%
Related for CVE-2014-9587