Roundcube.Webmail.AttachmentZipDownload.CSRF
Description
This indicates the detection of an attack attempt against a cross-site request forgery (CSRF) vulnerability in Roundcube Webmail.
The vulnerability is due to insufficient sanitization of HTTP requests by the application. A remote attacker can exploit this to hijack user authentication requests.
Affected Products
Roundcube Webmail version 1.1.4 and earlier.
Impact
Information Spoofing: Remote attackers can spoof data of vulnerable systems.
Recommended Actions
Upgrade to the latest version available from https://roundcube.net/download/
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-10 | 14.629 | Severity:medium:high |