Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-4069

Опубликовано: 25 авг. 2016
Источник: debian

Описание

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
roundcubefixed1.1.5+dfsg.1-1package

Примечания

  • https://github.com/roundcube/roundcubemail/issues/4957

  • https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115

  • https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5

  • https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1)

  • https://www.openwall.com/lists/oss-security/2016/04/23/3

Связанные уязвимости

ubuntu логотип

CVE-2016-4069

CVSS3: 8.8
ubuntu
больше 9 лет назад

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.

nvd логотип

CVE-2016-4069

CVSS3: 8.8
nvd
больше 9 лет назад

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.

github логотип

GHSA-c625-ghm3-xfc2

CVSS3: 8.8
github
больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.

suse-cvrf логотип

openSUSE-SU-2016:2109-1

suse-cvrf
больше 9 лет назад

Security update for roundcubemail