QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4078

Published: Nov 3, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://trac.roundcube.net/ticket/1488086

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

webmail-uri-dos(71025)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

[oss-security] 20111026 Re: CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_HP

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.