CVE-2011-1491: Improper Input Validation in Webmail

Severity: 3.5 LOW (NVD)
EPSS: 0.4% (top 39.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 8 | Latest update May 17

Description

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (1 package)

NVD | roundcube/webmail | 0.5+10

🔴 Vulnerability Details (3)

GHSA | GHSA-r23x-gvpc-gggx: The login form in Roundcube Webmail before 0 | 2022-05-17
CVEList | CVE-2011-1491: The login form in Roundcube Webmail before 0 | 2011-04-08
OSV | CVE-2011-1491: The login form in Roundcube Webmail before 0 | 2011-04-08

📋 Vendor Advisories (1)

Debian | CVE-2011-1491: roundcube - The login form in Roundcube Webmail before 0.5.1 does not properly handle a corr... | 2011

💬 Community (3)

Bugzilla | CVE-2011-1491 CVE-2011-1492 roundcubemail: v0.5.1 two security fixes | 2011-03-24
Bugzilla | CVE-2011-1491 CVE-2011-1492 roundcubemail: v0.5.1 two security fixes [epel-6] | 2011-03-24
Bugzilla | CVE-2011-1491 CVE-2011-1492 roundcubemail: v0.5.1 two security fixes [fedora-all] | 2011-03-24