Lucene search

K
nvd[email protected]NVD:CVE-2011-1491
HistoryApr 08, 2011 - 3:17 p.m.

CVE-2011-1491

2011-04-0815:17:28
CWE-20
web.nvd.nist.gov
2

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0.002

Percentile

64.6%

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker’s account and then compose an e-mail message, related to a β€œlogin CSRF” issue.

Affected configurations

NVD
Node
roundcubewebmailRange≀0.5
OR
roundcubewebmailMatch0.1
OR
roundcubewebmailMatch0.1alpha
OR
roundcubewebmailMatch0.1beta
OR
roundcubewebmailMatch0.1beta2
OR
roundcubewebmailMatch0.1rc1
OR
roundcubewebmailMatch0.1rc2
OR
roundcubewebmailMatch0.1.1
OR
roundcubewebmailMatch0.2
OR
roundcubewebmailMatch0.2alpha
OR
roundcubewebmailMatch0.2beta
OR
roundcubewebmailMatch0.2.1
OR
roundcubewebmailMatch0.3
OR
roundcubewebmailMatch0.3beta
OR
roundcubewebmailMatch0.3rc1
OR
roundcubewebmailMatch0.3.1
OR
roundcubewebmailMatch0.4
OR
roundcubewebmailMatch0.4beta
OR
roundcubewebmailMatch0.4.1
OR
roundcubewebmailMatch0.4.2
OR
roundcubewebmailMatch0.5beta
OR
roundcubewebmailMatch0.5rc

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0.002

Percentile

64.6%