RoundCube Webmail '_session' Parameter Remote Security Vulnerability

Bugtraq ID: 63300
Class: Design Error
CVE: CVE-2013-6172
Remote: Yes
Local: No
Published: Oct 21 2013 12:00AM
Updated: Apr 13 2015 10:22PM
Credit: The vendor reported this issue.
Vulnerable: S.u.S.E. openSUSE 13.1
S.u.S.E. openSUSE 12.3
Roundcube Webmail 0.9.4
Roundcube Webmail 0.9.3
Roundcube Webmail 0.8.6
Roundcube Webmail 0.8.5
Roundcube Webmail 0.7.3
Roundcube Webmail 0.7.2
Roundcube Webmail 0.5.1
Roundcube Webmail 0.4.2
Roundcube Webmail 0.3.1
Roundcube Webmail 0.2.1
Roundcube Webmail 0.9.2
Roundcube Webmail 0.8.4
Roundcube Webmail 0.6
Roundcube Webmail 0.5
Roundcube Webmail 0.4.1
Roundcube Webmail 0.4
Roundcube Webmail 0.3
Roundcube Webmail 0.2
Roundcube Webmail 0.1
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Roundcube Webmail 0.9.5
Roundcube Webmail 0.8.7


 

Copyright 2010, SecurityFocus