JVNDB-2007-000805

[Japanese]
JVNDB-2007-000805
RoundCube Webmail cross-site request forgery vulnerability
Overview
RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability. RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score] Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

Roundcube.net Roundcube 0.1-alpha to 0.1-RC1

Impact
Information such as email subject lines may be disclosed on the web browser of a user who logged into RoundCube Webmail.
Solution
[Update the Software] Apply the latest updates provided by the vendor.
Vendor Information
Roundcube.net Roundcube : ROUNDCUBE WEBMAIL PROJECT Roundcube Webmail : RoundCube Webmail 0.1-RC2 released (sourceforge.net) Roundcube Webmail : Latest Version (sourceforge.net)
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVN#33820033
Revision History
[2008/05/21] Web page published

RoundCube Webmail cross-site request forgery vulnerability