Lucene search
Alpine Linux Development TeamALPINE:CVE-2018-9846HistoryApr 07, 2018 - 9:29 p.m.
CVE-2018-9846
2018-04-0721:29:00
Alpine Linux Development Team
security.alpinelinux.org
15
0.408 Medium
EPSS
Percentile
97.3%
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it’s possible to exploit the unsanitized, user-controlled “_uid” parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.10-community | noarch | roundcubemail | < 1.3.6-r0 | UNKNOWN |
| Alpine | 3.7-community | noarch | roundcubemail | < 1.3.6-r0 | UNKNOWN |
| Alpine | 3.8-community | noarch | roundcubemail | < 1.3.6-r0 | UNKNOWN |
| Alpine | 3.9-community | noarch | roundcubemail | < 1.3.6-r0 | UNKNOWN |
Related
nessus
nessus
Debian DSA-4181-1 : roundcube - security update
2018-04-30 00:00:00
Fedora 26 : roundcubemail (2018-f6dc921a19)
2018-04-23 00:00:00
Fedora 27 : roundcubemail (2018-57fbdb1cb5)
2018-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: roundcubemail-1.3.6-1.fc28
2018-04-27 04:15:03
[SECURITY] Fedora 27 Update: roundcubemail-1.3.6-1.fc27
2018-04-21 03:41:21
[SECURITY] Fedora 26 Update: roundcubemail-1.3.6-1.fc26
2018-04-21 03:03:25
mageia
mageia
Updated roundcubemail packages fix security vulnerability
2018-06-20 02:42:28
osv
osv
CVE-2018-9846
2018-04-07 21:29:00
roundcube - security update
2018-04-28 00:00:00
checkpoint_advisories
checkpoint_advisories
Roundcube Webmail archive.php IMAP Command Injection (CVE-2018-9846)
2018-05-14 00:00:00
prion
prion
Design/Logic Flaw
2018-04-07 21:29:00
archlinux
archlinux
[ASA-201804-8] roundcubemail: arbitrary command execution
2018-04-19 00:00:00
openvas
openvas
Roundcube Webmail 1.2.0 - 1.3.5 MX Injection Vulnerability
2018-04-10 00:00:00
Fedora Update for roundcubemail FEDORA-2018-f6dc921a19
2018-04-21 00:00:00
Fedora Update for roundcubemail FEDORA-2018-57fbdb1cb5
2018-04-21 00:00:00
debian
debian
[SECURITY] [DSA 4181-1] roundcube security update
2018-04-28 06:16:24
[SECURITY] [DSA 4181-1] roundcube security update
2018-04-28 06:16:05
cve
cve
CVE-2018-9846
2018-04-07 21:29:00
freebsd
freebsd
roundcube -- IMAP command injection vulnerability
2018-04-11 00:00:00
debiancve
debiancve
CVE-2018-9846
2018-04-07 21:29:00
cvelist
cvelist
CVE-2018-9846
2018-04-07 21:00:00
ubuntucve
ubuntucve
CVE-2018-9846
2018-04-07 00:00:00