CVE-2009-4077

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:20050811:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:20050820:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:20051007:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:20051021:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1:stable:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.2:stable:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type Values Removed Values Added
References () http://jvn.jp/en/jp/JVN75694913/index.html - () http://jvn.jp/en/jp/JVN75694913/index.html -
References () http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000072.html - () http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000072.html -
References () http://secunia.com/advisories/37235 - Vendor Advisory () http://secunia.com/advisories/37235 - Vendor Advisory
References () http://trac.roundcube.net/wiki/Changelog - () http://trac.roundcube.net/wiki/Changelog -
References () http://www.osvdb.org/59661 - () http://www.osvdb.org/59661 -

Information

Published : 2009-11-25 22:00

Updated : 2024-11-21 01:08


NVD link : CVE-2009-4077

Mitre link : CVE-2009-4077

CVE.ORG link : CVE-2009-4077


JSON object : View

Products Affected

roundcube

  • webmail
CWE
CWE-352

Cross-Site Request Forgery (CSRF)