Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.5
CVE Id CVE-2011-1491
Last Modified 20 Apr 2011 12:00:00
Published 08 Apr 2011 11:17:28
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-1491

Summary

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.

Vulnerable Systems

Application

  • Roundcube Webmail 0.1

  • Roundcube Webmail 0.1.1

  • Roundcube Webmail 0.2

  • Roundcube Webmail 0.2.1

  • Roundcube Webmail 0.3

  • Roundcube Webmail 0.3.1

  • Roundcube Webmail 0.4

  • Roundcube Webmail 0.4.1

  • Roundcube Webmail 0.4.2

  • Roundcube Webmail 0.5


References

CONFIRM - http://trac.roundcube.net/changeset/4490

MLIST - [oss-security] 20110404 Re: CVE request: roundcube < 0.5.1 CSRF

MLIST - [oss-security] 20110324 Re: CVE request: roundcube < 0.5.1 CSRF

XF - roundcube-login-info-disclosure(66815)

CONFIRM - http://trac.roundcube.net/wiki/Changelog

MLIST - [oss-security] 20110324 CVE request: roundcube < 0.5.1 CSRF


Last Updated: 27 May 2016 10:56:21