RoundCube Webmail '_session' Parameter Remote Security Vulnerability

Bugtraq ID: 63300
Class: Design Error
CVE: CVE-2013-6172
Remote: Yes
Local: No
Published: Oct 21 2013 12:00AM
Updated: Mar 17 2014 12:05AM
Credit: The vendor reported this issue.
Vulnerable: Roundcube Webmail 0.5.1
Roundcube Webmail 0.5
Roundcube Webmail 0.4.2
Roundcube Webmail 0.4.1
Roundcube Webmail 0.4
Roundcube Webmail 0.3.1
Roundcube Webmail 0.3
Roundcube Webmail 0.2.1
Roundcube Webmail 0.2
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus