CVE-2011-1492

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://trac.roundcube.net/wiki/Changelog
http://openwall.com/lists/oss-security/2011/03/24/4	Patch
http://openwall.com/lists/oss-security/2011/03/24/3
http://trac.roundcube.net/changeset/4488	Patch
http://openwall.com/lists/oss-security/2011/04/04/50	Patch
http://secunia.com/advisories/44050	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66613

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:roundcube:webmail:0.1:rc1::::::
	cpe:2.3:a:roundcube:webmail:0.1:rc2::::::
	cpe:2.3:a:roundcube:webmail:0.3:rc1::::::
	cpe:2.3:a:roundcube:webmail:0.4:beta::::::
	cpe:2.3:a:roundcube:webmail:0.1.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.1:alpha::::::
	cpe:2.3:a:roundcube:webmail:0.2:beta::::::
	cpe:2.3:a:roundcube:webmail:0.2:alpha::::::
	cpe:2.3:a:roundcube:webmail:0.3:::::::*
	cpe:2.3:a:roundcube:webmail:0.4.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.5:beta::::::
	cpe:2.3:a:roundcube:webmail:0.4:::::::*
	cpe:2.3:a:roundcube:webmail:0.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.1:beta2::::::
	cpe:2.3:a:roundcube:webmail:0.1:beta::::::
	cpe:2.3:a:roundcube:webmail:0.5:rc::::::
	cpe:2.3:a:roundcube:webmail:0.3:beta::::::
	cpe:2.3:a:roundcube:webmail::::::::
	cpe:2.3:a:roundcube:webmail:0.4.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.3.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.2.1:::::::*

Information

Published : 2011-04-08 08:17

Updated : 2017-08-16 18:34

NVD link : CVE-2011-1492

Mitre link : CVE-2011-1492

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

roundcube

webmail

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://trac.roundcube.net/wiki/Changelog", "name": "http://trac.roundcube.net/wiki/Changelog", "tags": [], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2011/03/24/4", "name": "[oss-security] 20110324 Re: CVE request: roundcube < 0.5.1 CSRF", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://openwall.com/lists/oss-security/2011/03/24/3", "name": "[oss-security] 20110324 CVE request: roundcube < 0.5.1 CSRF", "tags": [], "refsource": "MLIST"}, {"url": "http://trac.roundcube.net/changeset/4488", "name": "http://trac.roundcube.net/changeset/4488", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2011/04/04/50", "name": "[oss-security] 20110404 Re: CVE request: roundcube < 0.5.1 CSRF", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://secunia.com/advisories/44050", "name": "44050", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66613", "name": "roundcube-modcss-security-bypass(66613)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1492", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-04-08T15:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.5"}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:34Z"}