What is the severity of CVE-2009-4076?

CVE-2009-4076 is considered a medium severity vulnerability due to its potential to allow unauthorized actions on behalf of users.

How do I fix CVE-2009-4076?

To fix CVE-2009-4076, users should upgrade to Roundcube Webmail versions higher than 0.2.2 or apply available patches.

What systems are affected by CVE-2009-4076?

CVE-2009-4076 affects Roundcube Webmail versions 0.2.2 and earlier, including various release candidates and beta versions.

What type of vulnerability is CVE-2009-4076?

CVE-2009-4076 is a cross-site request forgery (CSRF) vulnerability that can be exploited to hijack user authentication.

Can I test for CVE-2009-4076 in my environment?

Yes, you can test for CVE-2009-4076 by checking for the affected versions of Roundcube Webmail and attempting to exploit the CSRF vector.

Vulnerability/
CVE-2009-4076

medium

6.8

CWE

352

25/11/2009

16/9/2024

CVE-2009-4076: CSRF

First published: Wed Nov 25 2009(Updated: )

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Roundcube Webmail	<=0.2.2
Roundcube Webmail	=0.1-rc1
Roundcube Webmail	=0.1-20050820
Roundcube Webmail	=0.1-20051007
Roundcube Webmail	=0.1
Roundcube Webmail	=0.1-beta2
Roundcube Webmail	=0.1-beta
Roundcube Webmail	=0.1-20050811
Roundcube Webmail	=0.2-stable
Roundcube Webmail	=0.2-alpha
Roundcube Webmail	=0.1-rc2
Roundcube Webmail	=0.1-stable
Roundcube Webmail	=0.1-20051021
Roundcube Webmail	=0.1.1
Roundcube Webmail	=0.1-alpha
Roundcube Webmail	=0.2
Roundcube Webmail	=0.2-beta
Roundcube Webmail	=0.2.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4076?
CVE-2009-4076 is considered a medium severity vulnerability due to its potential to allow unauthorized actions on behalf of users.
How do I fix CVE-2009-4076?
To fix CVE-2009-4076, users should upgrade to Roundcube Webmail versions higher than 0.2.2 or apply available patches.
What systems are affected by CVE-2009-4076?
CVE-2009-4076 affects Roundcube Webmail versions 0.2.2 and earlier, including various release candidates and beta versions.
What type of vulnerability is CVE-2009-4076?
CVE-2009-4076 is a cross-site request forgery (CSRF) vulnerability that can be exploited to hijack user authentication.
Can I test for CVE-2009-4076 in my environment?
Yes, you can test for CVE-2009-4076 by checking for the affected versions of Roundcube Webmail and attempting to exploit the CSRF vector.

collector/nvd-historical
collector/nvd-index
agent/type
agent/softwarecombine
agent/references
agent/weakness
agent/severity
agent/author
agent/tags
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
vendor/roundcube
canonical/roundcube webmail
version/roundcube webmail/0.2.2
version/roundcube webmail/0.1-rc1
version/roundcube webmail/0.1-20050820
version/roundcube webmail/0.1-20051007
version/roundcube webmail/0.1
version/roundcube webmail/0.1-beta2
version/roundcube webmail/0.1-beta
version/roundcube webmail/0.1-20050811
version/roundcube webmail/0.2-stable
version/roundcube webmail/0.2-alpha
version/roundcube webmail/0.1-rc2
version/roundcube webmail/0.1-stable
version/roundcube webmail/0.1-20051021
version/roundcube webmail/0.1.1
version/roundcube webmail/0.1-alpha
version/roundcube webmail/0.2
version/roundcube webmail/0.2-beta
version/roundcube webmail/0.2.1