CVE-2014-9587

EPSS 3.7%

roundcube - security update

Published: 1/15/2015Modified: 5/29/2026

Also known as:DEBIAN-CVE-2014-9587

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.

Affected packages (2)

Debian/roundcubefrom 0, < 1.1.1+dfsg.1-2
Debian/roundcubefrom 0, < 0.7.2-9+deb7u4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9587