QwikSec

Security Database

CVE

CWE

Training

CVE-2016-4069

Published: Aug 25, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115

x_refsource_CONFIRM

https://github.com/roundcube/roundcubemail/issues/4957

x_refsource_CONFIRM

openSUSE-SU-2016:2109

vendor-advisory

x_refsource_SUSE

[oss-security] 20160423 Re: CVE Request: Roundcube: XSS issue in SVG image handling and protection for download urs against CSRF

mailing-list

x_refsource_MLIST

https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5

x_refsource_CONFIRM

https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53

x_refsource_CONFIRM

https://github.com/roundcube/roundcubemail/releases/tag/1.1.5

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.