|
[Japanese]
|
JVNDB-2009-000072
|
Roundcube Webmail vulnerable to cross-site request forgery
|
|
Roundcube Webmail provided by Roundcube Webmail Project contains a cross-site requesst forgery vulnerability.
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability.
This issue is different from JVN#33820033 and JVN#72974205.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
Base Metrics:
2.6 (Low)
[IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Roundcube Webmail Project
- Roundcube Webmail 0.2.2 and earlier
|
|
An attacker may be able to send arbitrary emails.
|
|
[Update the Software]
Apply the latest update provided by the developer.
|
|
Roundcube Webmail Project
|
|
- JVN : JVN#75694913
- National Vulnerability Database (NVD) : CVE-2009-4077
- Common Vulnerabilities and Exposures (CVE) : CVE-2009-4077
- Secunia Advisory : SA37235
- OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 59661
- Common Weakness Enumeration (CWE) : Cross-Site Request Forgery (CWE-352) [IPA Evaluation]
|
|
[2009/11/04]
Web page published
|
|
| 2009/11/04 |
| 2009/11/04 |
| 2009/11/04 |
|
