Описание
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.3.6+dfsg.1-1 |
| cosmic | ignored | end of life |
| devel | not-affected | 1.5.0+dfsg.1-2 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | not-affected | 1.3.6+dfsg.1-1 |
| esm-apps/focal | not-affected | 1.4.3+dfsg.1-1 |
| esm-apps/jammy | not-affected | 1.5.0+dfsg.1-2 |
| esm-apps/xenial | not-affected | 1.2~beta+dfsg.1-0ubuntu1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ...
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.
EPSS
5 Medium
CVSS2