Lucene search

[email protected]NVD:CVE-2015-5383

HistoryMay 23, 2017 - 4:29 a.m.

CVE-2015-5383

2017-05-2304:29:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.

Affected configurations

Nvd

Node

roundcuberoundcube_webmailMatch1.1.1

roundcubewebmailMatch1.1

roundcubewebmailMatch1.1beta

roundcubewebmailMatch1.1rc

VendorProductVersionCPE
roundcuberoundcube_webmail1.1.1cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
roundcubewebmail1.1cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
roundcubewebmail1.1cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
roundcubewebmail1.1cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*

Vendor	Product	Version	CPE
roundcube	roundcube_webmail	1.1.1	cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:::::::*
roundcube	webmail	1.1	cpe:2.3:a:roundcube:webmail:1.1:::::::*
roundcube	webmail	1.1	cpe:2.3:a:roundcube:webmail:1.1:beta::::::
roundcube	webmail	1.1	cpe:2.3:a:roundcube:webmail:1.1:rc::::::