CVE-2011-4078

Priority
Description
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7
or 5.3.8 is used, allows remote attackers to trigger a GET request for an
arbitrary URL, and cause a denial of service (resource consumption and
inbox outage), via a Subject header containing only a URL, a related issue
to CVE-2011-3379.
Notes
 mdeslaur> related issue to CVE-2011-3379
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
More Information

Updated: 2019-01-14 21:14:30 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)