Lucene search
MitreCVE-2014-9587HistoryJan 15, 2015 - 3:59 p.m.
CVE-2014-9587
2015-01-1515:59:21
CWE-352
mitre
web.nvd.nist.gov
36
cve-2014-9587
csrf
roundcube webmail
1.0.4
cross-site request forgery
authentication hijacking
vulnerabilities
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
9
Confidence
High
EPSS
0.002
Percentile
56.5%
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Affected configurations
Node
roundcubewebmailRange≤1.0.3
Related
prion
prion
Cross site request forgery (csrf)
2015-01-15 15:59:00
nessus
nessus
openSUSE Security Update : roundcubemail (openSUSE-SU-2015:0116-1)
2015-01-26 00:00:00
Debian DLA-613-1 : roundcube security update
2016-09-09 00:00:00
cvelist
cvelist
CVE-2014-9587
2015-01-15 15:00:00
ubuntucve
ubuntucve
CVE-2014-9587
2015-01-15 00:00:00
nvd
nvd
CVE-2014-9587
2015-01-15 15:59:21
debiancve
debiancve
CVE-2014-9587
2015-01-15 15:59:21
openvas
openvas
Debian: Security Advisory (DLA-613-1)
2018-02-07 00:00:00
osv
osv
roundcube - security update
2016-09-08 00:00:00
debian
debian
[SECURITY] [DLA 613-1] roundcube security update
2016-09-08 09:58:47
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
9
Confidence
High
EPSS
0.002
Percentile
56.5%
Related for CVE-2014-9587