CVE-2011-1492

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://openwall.com/lists/oss-security/2011/03/24/3
http://openwall.com/lists/oss-security/2011/03/24/4	Patch
http://openwall.com/lists/oss-security/2011/04/04/50	Patch
http://secunia.com/advisories/44050	Vendor Advisory
http://trac.roundcube.net/changeset/4488	Patch
http://trac.roundcube.net/wiki/Changelog
https://exchange.xforce.ibmcloud.com/vulnerabilities/66613

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:roundcube:webmail::::::::
	cpe:2.3:a:roundcube:webmail:0.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.1:alpha::::::
	cpe:2.3:a:roundcube:webmail:0.1:beta::::::
	cpe:2.3:a:roundcube:webmail:0.1:beta2::::::
	cpe:2.3:a:roundcube:webmail:0.1:rc1::::::
	cpe:2.3:a:roundcube:webmail:0.1:rc2::::::
	cpe:2.3:a:roundcube:webmail:0.1.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.2:alpha::::::
	cpe:2.3:a:roundcube:webmail:0.2:beta::::::
	cpe:2.3:a:roundcube:webmail:0.2.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.3:::::::*
	cpe:2.3:a:roundcube:webmail:0.3:beta::::::
	cpe:2.3:a:roundcube:webmail:0.3:rc1::::::
	cpe:2.3:a:roundcube:webmail:0.3.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.4:::::::*
	cpe:2.3:a:roundcube:webmail:0.4:beta::::::
	cpe:2.3:a:roundcube:webmail:0.4.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.4.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.5:beta::::::
	cpe:2.3:a:roundcube:webmail:0.5:rc::::::

History

No history.

Information

Published : 2011-04-08 15:17

Updated : 2023-12-10 11:03

NVD link : CVE-2011-1492

Mitre link : CVE-2011-1492

CVE.ORG link : CVE-2011-1492

JSON object : View

Products Affected

roundcube

webmail

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-1492", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-08T15:17:28.447", "references": [{"url": "http://openwall.com/lists/oss-security/2011/03/24/3", "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2011/03/24/4", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2011/04/04/50", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/44050", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://trac.roundcube.net/changeset/4488", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://trac.roundcube.net/wiki/Changelog", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66613", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request."}, {"lang": "es", "value": "steps/utils/modcss.inc en Roundcube Webmail anterior a v0.5.1 no comprueba correctamente que una solicitud es una solicitud esperada para una hoja de estilo externa (Cascading Style Sheets), permitiendo a usuarios remotos autenticados lanzar conexiones arbitrarias salientes TCP desde el servidor , y posiblemente obtener informaci\u00f3n sensible, a trav\u00e9s de una solicitud manipulada."}], "lastModified": "2017-08-17T01:34:14.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E961628-4624-4095-8CE6-698F66BF462B", "versionEndIncluding": "0.5"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C785B00-7F4D-4EBD-A9FA-726D4D35E5D1"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F433741-5F73-43B5-A522-C484C64C66A7"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09DF755B-041E-4A61-BEF6-A613F6F0CE13"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34D20437-7DE7-4DB8-8C11-37B09A87E3A4"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55FB4AA3-3528-46B7-BBB9-9185DAA5425C"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "066AA2BC-95A8-43E8-A1FE-9F15860691E1"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82FB886B-35A4-4A8C-AE18-62C845886018"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83FF6973-9BAC-4DF2-BACE-42F0D9340A27"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB6449FD-C6EE-497C-BE34-88900883AD09"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CEF8BF6-E09F-4376-B089-9B722A84F591"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "946B0B6A-46D3-46B9-BD1E-B03D3339EEB3"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4D6EA96-EE58-47C3-B545-7238B3F64941"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3584BB62-818D-4A5B-BC7D-EAB0B85614EA"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "332FF744-3682-4818-9602-8F868BF0781E"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B502047-4DDD-4586-978C-6CEE1C41F923"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43581564-48CF-410C-9CE1-CBAE71153DA5"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A5CC548-05E4-4059-8252-FA78ECBB95A0"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3FA495A-D7FE-4461-AF57-EB649A1C49B6"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D773E61-113A-4EE8-804E-0584B73AB58D"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0D4825-F78E-40F5-A9CB-45B73DE8FBD4"}, {"criteria": "cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C8376B9-4DF2-4E23-9C43-EEDE3D800519"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}