CVE-2014-9587
roundcube - security update
EPSS 3.7%
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
How to fix CVE-2014-9587
To remediate CVE-2014-9587, upgrade the affected package to a fixed version below.
- Debian/roundcube: upgrade to 1.1.1+dfsg.1-2 or later
- Debian/roundcube: upgrade to 0.7.2-9+deb7u4 or later
Is CVE-2014-9587 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.1.1+dfsg.1-2
- from 0, < 0.7.2-9+deb7u4