Zero-Day Advisory
Fortinet Discovers Roundcube Webmail Cross-Site Request Forgery Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a cross-site request forgery (CSRF) vulnerability in Roundcube webmail.
Roundcube is a free and open source webmail solution with a desktop-like user interface that is easy to install and configure and runs on a standard LAMPP server.
The vulnerability exists due to insufficient anti-CSRF protection on a file-download action. An attacker who lures an authenticated Roundcube user to a crafted page can make the user's browser issue the download request with the user's session attached, triggering unwanted file downloads on that user's behalf.
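The vulnerability class described above, as an added illustration that is not Roundcube's code (Roundcube is written in PHP; this is a language-independent Python sketch). The action name `zip-attachments`, the parameter names `_uid` and `_token`, the site URL and the session/request data structures are all assumptions. It puts an unprotected download handler beside one that requires a per-session anti-CSRF token, adds a same-origin check as defense in depth, and runs a forged cross-site request through both:

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session of a logged-in webmail user (hypothetical model)."""
    user: str
    # Unpredictable per-session secret, rendered into the webmail UI's own links/forms.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (hypothetical)."""
    method: str
    action: str
    params: dict
    headers: dict = field(default_factory=dict)


def zip_attachments(session: Session, uid: str) -> str:
    """Stand-in for 'build a zip of the message's attachments and stream it'."""
    return f"attachments-{session.user}-{uid}.zip"


def download_vulnerable(req: Request, session: Session):
    """'Before': the only thing gating the download is the session cookie.

    A form or image tag on an attacker's page makes the victim's browser send
    this request with the victim's cookie attached, so the download fires even
    though the victim never asked for it.
    """
    if req.action != "zip-attachments":
        return 404, None
    return 200, zip_attachments(session, req.params.get("_uid", ""))


def same_origin(req: Request, site: str = "https://mail.example.org") -> bool:
    """Secondary check: Origin (or, failing that, Referer) must be our own site.

    A missing header is treated as cross-site. A bare prefix match would accept
    'https://mail.example.org.attacker.example/', so the path separator is required.
    """
    origin = req.headers.get("Origin") or req.headers.get("Referer")
    if not origin:
        return False
    return origin == site or origin.startswith(site + "/")


def download_hardened(req: Request, session: Session):
    """'After': the request must carry the session's anti-CSRF token.

    The attacker's page cannot read the token (same-origin policy), so a forged
    request is refused before any file is produced. compare_digest on bytes keeps
    the comparison constant-time and tolerates non-ASCII attacker input.
    """
    if req.action != "zip-attachments":
        return 404, None
    token = str(req.params.get("_token", "")).encode()
    if not hmac.compare_digest(token, session.csrf_token.encode()):
        return 403, None
    if not same_origin(req):
        return 403, None
    return 200, zip_attachments(session, req.params.get("_uid", ""))


def simulate() -> dict:
    """Run constructed requests through both handlers; returns status codes."""
    victim = Session(user="alice")
    # Constructed forged request: the attacker knows the action and a uid but not
    # alice's token; the browser still attaches alice's session cookie.
    forged = Request("GET", "zip-attachments", {"_uid": "42"},
                     headers={"Referer": "https://attacker.example/"})
    # Constructed request from the webmail UI itself: token present, same origin.
    legit = Request("GET", "zip-attachments",
                    {"_uid": "42", "_token": victim.csrf_token},
                    headers={"Referer": "https://mail.example.org/?_task=mail"})
    # Constructed: correct token but the request comes from another site.
    leaked = Request("GET", "zip-attachments",
                     {"_uid": "42", "_token": victim.csrf_token},
                     headers={"Origin": "https://attacker.example"})
    return {
        "vulnerable_forged": download_vulnerable(forged, victim)[0],
        "hardened_forged": download_hardened(forged, victim)[0],
        "hardened_legit": download_hardened(legit, victim)[0],
        "hardened_leaked_token_cross_origin": download_hardened(leaked, victim)[0],
    }


if __name__ == "__main__":
    for name, status in simulate().items():
        print(f"{name}: {status}")
```

The token check is the actual fix for this class of bug; the origin check only limits damage if a token ever leaks, and must not be the sole control because older clients and privacy extensions strip Referer.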
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: Roundcube.Webmail.AttachmentZipDownload.CSRF
Released Sep 13, 2016
Users should apply the solution provided by Roundcube.
Additional Information
The vulnerability was fixed in Roundcube webmail version 1.1.5.
Acknowledgement
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.