CVE-2011-1492

Roundcube Webmail < 0.5.1 - Authenticated Server-Side Request Forgery via CSS Stylesheet Request

Title source: llm
STIX 2.1

Description

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

References (7)

Core 7
Core References
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/24/3
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44050
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/24/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66613
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/04/04/50
Third Party Advisory x_refsource_confirm
http://trac.roundcube.net/wiki/Changelog
Patch x_refsource_confirm
http://trac.roundcube.net/changeset/4488

Scores

EPSS 0.0176
EPSS Percentile 75.4%

Details

CWE
CWE-20
Status published
Products (11)
roundcube/webmail 0.1 (6 CPE variants)
roundcube/webmail 0.1.1
roundcube/webmail 0.2 (3 CPE variants)
roundcube/webmail 0.2.1
roundcube/webmail 0.3 (3 CPE variants)
roundcube/webmail 0.3.1
roundcube/webmail 0.4 (2 CPE variants)
roundcube/webmail 0.4.1
roundcube/webmail 0.4.2
roundcube/webmail 0.5 beta (2 CPE variants)
... and 1 more
Published Apr 08, 2011
Tracked Since Feb 18, 2026