Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2011-1491
HistoryApr 08, 2011 - 3:17 p.m.

CVE-2011-1491

2011-04-0815:17:28
Debian Security Bug Tracker
security-tracker.debian.org
9

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

64.6%

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker’s account and then compose an e-mail message, related to a “login CSRF” issue.

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

64.6%