Security Alert: RoundCubeMail

Last modified: February 24, 2020

ATTENTION: All server administrators using RoundCubeMail as their mail server's webmail interface.

ISSUE:

Multiple vulnerabilities have been found and corrected in RoundCubeMail:

The login form

Roundcube Webmail before 0.5.1 does not properly handle a login attempt that is correctly authenticated but not intended by the user. This makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account and then compose an e-mail message; this is a login CSRF issue (CVE-2011-1491).

steps/utils/modcss.inc

Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheet (CSS) stylesheet. This allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive data, via a crafted request (CVE-2011-1492).

Cross-site scripting (XSS)

A cross-site scripting vulnerability in the UI messages of Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI (CVE-2011-2937).

include/iniset.php

In Roundcube Webmail 0.5.4 and earlier, when running on PHP 5.3.7 or 5.3.8, remote attackers can trigger a GET request for an arbitrary URL and cause a denial of service (resource consumption and inbox interruption) via a subject header containing only one URL; this is an issue related to CVE-2011-3379 (CVE-2011-4078).

RESOLUTION:

Upgrade RoundCube Webmail to version 0.7.2.
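As an added example, not part of this advisory or of the Roundcube project: a small Python check an administrator can run against an install's version string to see which of the four CVEs above still apply and whether the 0.7.2 upgrade is still outstanding. It assumes the 0.x series defines RCMAIL_VERSION in program/include/iniset.php; the sample file content below is constructed.

```python
import re

RESOLUTION_VERSION = "0.7.2"  # fixed version named in this advisory

# Constructed stand-in for Roundcube's program/include/iniset.php, which in the
# 0.x series defines RCMAIL_VERSION (assumption; adjust the path or constant
# name if your install differs).
SAMPLE_INISET = """<?php
define('RCMAIL_CHARSET', 'UTF-8');
define('RCMAIL_VERSION', '0.5.2');
"""

def parse_version(text):
    """Turn '0.5.4' into a comparable tuple (0, 5, 4); missing parts pad with 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def version_from_iniset(source):
    """Extract RCMAIL_VERSION from iniset.php source; None if it is not present."""
    m = re.search(r"define\(\s*'RCMAIL_VERSION'\s*,\s*'([^']+)'", source)
    return m.group(1) if m else None

def applicable_cves(rc_version, php_version=None):
    """CVEs from this advisory that still apply to the given Roundcube version.

    php_version=None is treated conservatively for CVE-2011-4078, which the
    advisory ties to PHP 5.3.7 / 5.3.8: an unknown PHP version still flags it.
    """
    v = parse_version(rc_version)
    php_risky = php_version is None or parse_version(php_version) in {(5, 3, 7), (5, 3, 8)}
    rules = [
        ("CVE-2011-1491", v < (0, 5, 1)),                 # login CSRF, fixed in 0.5.1
        ("CVE-2011-1492", v < (0, 5, 1)),                 # modcss.inc outbound TCP, fixed in 0.5.1
        ("CVE-2011-2937", v < (0, 5, 4)),                 # _mbox XSS, fixed in 0.5.4
        ("CVE-2011-4078", v <= (0, 5, 4) and php_risky),  # iniset.php DoS, 0.5.4 and earlier
    ]
    return [cve for cve, hit in rules if hit]

def needs_upgrade(rc_version):
    """True when the install is older than the advisory's resolution version."""
    return parse_version(rc_version) < parse_version(RESOLUTION_VERSION)

if __name__ == "__main__":
    ver = version_from_iniset(SAMPLE_INISET)
    print(f"Roundcube {ver}: {applicable_cves(ver, '5.3.7')}; upgrade needed: {needs_upgrade(ver)}")
```

On a real host, read program/include/iniset.php into `version_from_iniset` and pass the output of `php -r 'echo PHP_VERSION;'` as `php_version`.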
