CVE-2019-15237Insufficient Visual Distinction of Homoglyphs Presented to User in Webmail

8 documents6 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 65.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Roundcube WebmailFedoraproject Fedora
Timeline
PublishedAug 20
Latest updateMay 24

Description

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

Also affects: Fedora 29

🔴Vulnerability Details

3
GHSA
GHSA-j43j-vfwj-cc4j: Roundcube Webmail through 12022-05-24
CVEList
CVE-2019-15237: Roundcube Webmail through 12019-08-20
OSV
CVE-2019-15237: Roundcube Webmail through 12019-08-20

📋Vendor Advisories

1
Debian
CVE-2019-15237: roundcube - Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading t...2019

💬Community

3
Bugzilla
CVE-2019-15237 roundcube: mishandling of Punycode xn-- domain name leads to homograph attack2019-08-30
Bugzilla
CVE-2019-15237 roundcubemail: roundcube: mishandling of Punycode xn-- domain name leads to homograph attack [epel-all]2019-08-30
Bugzilla
CVE-2019-15237 roundcubemail: roundcube: mishandling of Punycode xn-- domain name leads to homograph attack [fedora-all]2019-08-30
CVE-2019-15237 — Roundcube Webmail vulnerability | cvebase