Vulnerabilities > CVE-2011-4078 - Resource Management Errors vulnerability in Roundcube Webmail

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

roundcube

php

CWE-399

nessus

NVD

Published: 2011-11-03

Updated: 2017-08-29

Summary

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.

Vulnerable Configurations

Part	Description	Count
Application	Roundcube Roundcube Webmail 0.1 Roundcube Webmail 0.1.1 Roundcube Webmail 0.2 Roundcube Webmail 0.2.1 Roundcube Webmail 0.3 Roundcube Webmail 0.3.1 Roundcube Webmail 0.4 Roundcube Webmail 0.4.1 Roundcube Webmail 0.4.2 Roundcube Webmail 0.5 Roundcube Webmail 0.5.1 Roundcube Webmail 0.5.2 Roundcube Webmail 0.5.3 Roundcube Webmail 0.2.2 Roundcube Webmail 0.5.4	39
Application	Php PHP PHP 5.3.7 PHP PHP 5.3.8	2

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Web Servers
NASL id	HPSMH_7_1_1_1.NASL
description	According to the web server
last seen	2020-06-01
modified	2020-06-02
plugin id	59851
published	2012-07-05
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/59851
title	HP System Management Homepage < 7.1.1 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References