PT-2016-5836 · Roundcube+2 · Roundcube Webmail+2

Thomascube

·

Publicado

2016-04-22

·

Atualizado

2026-03-30

·

CVE-2016-4069

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.1.5
Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that download attachments, potentially causing a denial of service due to disk consumption.
Recommendations For versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue.

Correção

DoS

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

ALT-PU-2016-1365
CVE-2016-4069
DLA-613-1
MGASA-2016-0155
USN-8132-1

Produtos afetados

Alt Linux
Roundcube Webmail
Ubuntu