Intrusion Prevention

Roundcube.Webmail.AttachmentZipDownload.CSRF

Description

This indicates the detection of an attack attempt against a cross-site request forgery (CSRF) vulnerability in Roundcube Webmail.
The vulnerability is due to insufficient sanitization of HTTP requests by the application. A remote attacker can exploit this to hijack user authentication requests.

Affected Products

Roundcube Webmail version 1.1.4 and earlier.

Impact

Information Spoofing: Remote attackers can spoof data on vulnerable systems.

Recommended Actions

Upgrade to the latest version available from
https://roundcube.net/download/

CVE References

CVE-2016-4069