oss-sec mailing list archives

CVE request: roundcube < 0.5.1 CSRF


From: Hanno Böck <hanno () hboeck de>
Date: Thu, 24 Mar 2011 10:24:31 +0100

http://trac.roundcube.net/wiki/Changelog

Two cross-site request forgery issues, one additional issue fixed in 0.5.1:

"Security: add optional referer check to prevent CSRF in GET requests
Security: protect login form submission from CSRF
Security: prevent from relaying malicious requests through modcss.inc"

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Switch to green electricity NOW: http://atomausstieg-selber-machen.de
