Check Point Advisories

Update Protection against Roundcubemail PHP Arbitrary Code Injection

Check Point Reference: CPAI-2009-013
Date Published: 15 Jan 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Securiteam
Industry Reference: CVE-2008-5619
Protection Provided by:
Who is Vulnerable? RoundCube Webmail version 0.2-beta and prior
Vulnerability Description: A vulnerability has been identified in RoundCube Webmail, a browser-based IMAP client. A specially crafted POST request can trigger the vulnerability and compromise a vulnerable web server.
Update/Patch Available: Apply the patch provided at: http://sourceforge.net/forum/forum.php?forum_id=898542.

Vulnerability Details: The vulnerability is caused by input validation errors in the "oundcubemail/program/lib/html2text.php" script when processing HTML tags, allowing attackers to inject and execute arbitrary code via a specially crafted POST request.
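
To check whether a server has received the kind of request described above, the following added example (not part of the Check Point advisory or of RoundCube) scans web server access logs for POST requests to html2text.php. It assumes the common/combined log format; the sample lines, addresses and install paths are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common/combined access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SCRIPT = "html2text.php"  # script named in the advisory

def find_html2text_posts(lines):
    """Return (client, timestamp, decoded path, status) per POST to the script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Strip the query string, then percent-decode so "%2E"-style
        # spellings of the file name are still recognised.
        path = unquote(m["target"].split("?", 1)[0])
        # Match any path segment, which also covers trailing PATH_INFO.
        if SCRIPT in (seg.lower() for seg in path.split("/")):
            hits.append((m["client"], m["ts"], path, int(m["status"])))
    return hits

def summarize(hits):
    """Count hits per client so repeated requests from one source stand out."""
    return Counter(client for client, _ts, _path, _status in hits)

# Constructed sample lines (documentation addresses, assumed install paths).
SAMPLE = [
    '192.0.2.10 - - [15/Jan/2009:10:01:02 +0000] "GET /webmail/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Jan/2009:10:02:11 +0000] "POST /webmail/program/lib/html2text.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [15/Jan/2009:10:02:15 +0000] "POST /mail/program/lib/html2text%2Ephp?x=1 HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.5 - - [15/Jan/2009:10:03:00 +0000] "GET /webmail/program/lib/html2text.php HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [15/Jan/2009:10:04:00 +0000] "POST /webmail/?_task=mail HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, count in summarize(find_html2text_posts(SAMPLE)).items():
        print(f"{client}: {count} POST request(s) to {SCRIPT}")
```

A hit with a 2xx status on an installation at version 0.2-beta or earlier is the case to investigate first.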

Protection Overview
