virus logo Intrusion Prevention

Roundcube.Webmail.filesystem_attachments.Path.Traversal

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal vulnerability in Roundcube Webmail.
The vulnerability is due to improper validation of HTTP requests. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in reading of arbitrary files and sensitive data being exposed.

affected-products-logoAffected Products

Roundcube Webmail 1.1.x prior to 1.1.10.
Roundcube Webmail 1.2.x prior to 1.2.7.
Roundcube Webmail 1.3.x prior to 1.3.3.

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://roundcube.net/news/updates/

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-25 28.833
Modified
 Name:Roundcube.
Webmail.
filesystem_attachments.
Directory.
Traversal:Roundcube.
Webmail.
filesystem_attachments.
Path.
Traversal
2024-01-24 26.721
Modified
 Default_action:pass:drop
2024-01-16 26.715
New
ID 54551
Created Jan 08, 2024
Updated Jul 23, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 35.23%
Default Action drop
Active
Affected OS Linux
Affected App Other
Profile Type Path Traversal