Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4368

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-4368
Last Modified 27 Aug 2015 09:37:14
Published 19 Dec 2005 09:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4368

Summary

roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.

Vulnerable Systems

Application

  • Roundcube Webmail -

  • Roundcube Webmail Project Roundcube Webmail


References

BUGTRAQ - 20060117 Re: Fullpath disclosure in roundcube webmail

BUGTRAQ - 20051217 Re: Fullpath disclosure in roundcube webmail

BUGTRAQ - 20051217 Fullpath disclosure in roundcube webmail


Last Updated: 27 May 2016 11:09:42