Vulnerability CVE-2011-1492 - CERT Civis.Net

Vulnerability Name:

CVE-2011-1492 (CCN-66613)

Assigned:

2011-04-06

Published:

2011-04-06

Updated:

2017-08-17

Summary:

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2011-1492

Source: MLIST
Type: UNKNOWN
[oss-security] 20110324 CVE request: roundcube < 0.5.1 CSRF

Source: MLIST
Type: Patch
[oss-security] 20110324 Re: CVE request: roundcube < 0.5.1 CSRF

Source: MLIST
Type: Patch
[oss-security] 20110404 Re: CVE request: roundcube < 0.5.1 CSRF

Source: CCN
Type: SA44050
RoundCube Webmail Arbitrary Mail Relay Vulnerability

Source: SECUNIA
Type: Vendor Advisory
44050

Source: CONFIRM
Type: Patch
http://trac.roundcube.net/changeset/4488

Source: CCN
Type: Roundcube Web Site
Changelog Release 0.5.1

Source: CONFIRM
Type: UNKNOWN
http://trac.roundcube.net/wiki/Changelog

Source: CCN
Type: OSVDB ID: 73870
Roundcube Webmail steps/utils/modcss.inc External CSS Request Remote Information Disclosure

Source: CCN
Type: BID-47247
RoundCube Webmail Remote Mail Relay Vulnerability

Source: XF
Type: UNKNOWN
roundcube-modcss-security-bypass(66613)

Source: XF
Type: UNKNOWN
roundcube-modcss-security-bypass(66613)

Vulnerable Configuration:

Configuration 1:

cpe:/a:roundcube:webmail:0.1:-:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:beta:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2:-:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2:beta:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.3:-:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.3:beta:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.4:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.4:beta:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:*:*:*:*:*:*:*:* (Version <= 0.5)

OR cpe:/a:roundcube:webmail:0.5:beta:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.5:rc:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:roundcube:roundcube_webmail:0.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.precise:def:20111492000	V	CVE-2011-1492 on Ubuntu 12.04 LTS (precise) - low.	2011-04-08