Vulnerability Details CVE-2009-4077
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.9%
CVSS Severity
CVSS v2 Score 6.8
References
- http://jvn.jp/en/jp/JVN75694913/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000072.html
- http://secunia.com/advisories/37235
- http://trac.roundcube.net/wiki/Changelog
- http://www.osvdb.org/59661
- http://jvn.jp/en/jp/JVN75694913/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000072.html
- http://secunia.com/advisories/37235
- http://trac.roundcube.net/wiki/Changelog
- http://www.osvdb.org/59661
Products affected by CVE-2009-4077
-
cpe:2.3:a:roundcube:webmail:-
-
cpe:2.3:a:roundcube:webmail:0.1
-
cpe:2.3:a:roundcube:webmail:0.1.1
-
cpe:2.3:a:roundcube:webmail:0.2
-
cpe:2.3:a:roundcube:webmail:0.2.1
-
cpe:2.3:a:roundcube:webmail:0.2.2