CVE-2011-4078

Priority
Description
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7
or 5.3.8 is used, allows remote attackers to trigger a GET request for an
arbitrary URL, and cause a denial of service (resource consumption and
inbox outage), via a Subject header containing only a URL, a related issue
to CVE-2011-3379.
Notes
 mdeslaur> related issue to CVE-2011-3379
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
Ubuntu 19.10 (Eoan):needs-triage
More Information

Updated: 2019-04-26 14:14:32 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)