TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2017-16651

HIGHCISA KEV
7.8

Beschreibung

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.

CVE Details

CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht11/9/2017
Zuletzt geandert4/21/2026
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerRoundcube
ProduktRoundcube Webmail
SchwachstellennameRoundcube Webmail File Disclosure Vulnerability
KEV Aufnahmedatum2021-11-03
Behebungsfrist2022-05-03
Ransomware-NutzungUnknown

Betroffene Produkte

debian:debian_linuxroundcube:webmail

Schwachen (CWE)

CWE-552CWE-552

Referenzen

http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html(cve@mitre.org)
http://www.securityfocus.com/bid/101793(cve@mitre.org)
https://github.com/roundcube/roundcubemail/issues/6026(cve@mitre.org)
https://github.com/roundcube/roundcubemail/releases/tag/1.1.10(cve@mitre.org)
https://github.com/roundcube/roundcubemail/releases/tag/1.2.7(cve@mitre.org)
https://github.com/roundcube/roundcubemail/releases/tag/1.3.3(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html(cve@mitre.org)
https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10(cve@mitre.org)
https://www.debian.org/security/2017/dsa-4030(cve@mitre.org)
http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/101793(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/roundcube/roundcubemail/issues/6026(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/roundcube/roundcubemail/releases/tag/1.1.10(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/roundcube/roundcubemail/releases/tag/1.2.7(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/roundcube/roundcubemail/releases/tag/1.3.3(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html(af854a3a-2127-422b-91ae-364da2661108)
https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2017/dsa-4030(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.