CVE-2011-4078 Information

Description

include/iniset.php in Roundcube Webmail 0.5.4 and earlier when PHP 5.3.7 or 5.3.8 is used allows remote attackers to trigger a GET request for an arbitrary URL and cause a denial of service (resource consumption and inbox outage) via a Subject header containing only a URL a related issue to CVE-2011-3379.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://openwall.com/lists/oss-security/2011/10/26/6 http://trac.roundcube.net/ticket/1488086 http://www.securityfocus.com/bid/50402 https://exchange.xforce.ibmcloud.com/vulnerabilities/71025