CVE-2014-9587

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-9587

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-9587.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2014-9587

Downstream

DEBIAN-CVE-2014-9587

DLA-613-1

Published

2015-01-15T15:59:21Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.

References

http://roundcube.net/news/2014/12/18/update-1.0.4-released/
https://bugzilla.redhat.com/show_bug.cgi?id=1179780
http://www.openwall.com/lists/oss-security/2015/01/11/3
http://www.securityfocus.com/bid/71909
https://bugs.gentoo.org/show_bug.cgi?id=534766

CVE-2014-9587

Affected packages