Home > Vulnerability Database > CVE-2015-5383

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2015-5383

Date: May 22, 2017

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.

Severity Score

7.5

Related Resources (7)

Url: http://www.openwall.com/lists/oss-security/2015/07/07/2

Url: https://github.com/roundcube/roundcubemail/commit/012555c1cef35601b543cde67bff8726de97eb39

Url: https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5383

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-5383

Url: https://github.com/roundcube/roundcubemail/issues/4816

Url: https://www.mend.io/vulnerability-database/CVE-2015-5383

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us