CyberSec.Space Logo
Back to CVE Browser

CVE-2017-16651

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score53.1250%
EPSS Percentile96.81th
PublishedNov 9, 2017
Last ModifiedApr 21, 2026

Vulnerability Description

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.

Affected Platforms (CPE)

πŸ“¦
Roundcube

Webmail

<= 1.1.9
πŸ“¦
Roundcube

Webmail

= 1.2.0
πŸ“¦
Roundcube

Webmail

= 1.2.1
πŸ“¦
Roundcube

Webmail

= 1.2.2
πŸ“¦
Roundcube

Webmail

= 1.2.3
πŸ“¦
Roundcube

Webmail

= 1.2.4
πŸ“¦
Roundcube

Webmail

= 1.2.5
πŸ“¦
Roundcube

Webmail

= 1.2.6
πŸ“¦
Roundcube

Webmail

= 1.3.0
πŸ“¦
Roundcube

Webmail

= 1.3.1
πŸ“¦
Roundcube

Webmail

= 1.3.2
πŸ’»
Debian

Debian Linux

= 7.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html
πŸ”— http://www.securityfocus.com/bid/101793
πŸ”— https://github.com/roundcube/roundcubemail/issues/6026
πŸ”— https://github.com/roundcube/roundcubemail/releases/tag/1.1.10
πŸ”— https://github.com/roundcube/roundcubemail/releases/tag/1.2.7
πŸ”— https://github.com/roundcube/roundcubemail/releases/tag/1.3.3
πŸ”— https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html
πŸ”— https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10

Related Vulnerabilities

CVE-2001-095310.0

Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is i...

CVE-2003-120210.0

The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via...

CVE-2001-002110.0

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate...

CVE-2003-119210.0

Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.