Lucene search

MitreCVE-2015-2180

HistoryJan 30, 2017 - 10:59 p.m.

CVE-2015-2180

2017-01-3022:59:00

CWE-74

mitre

web.nvd.nist.gov

cve-2015-2180

dbmail

password plugin

roundcube

remote attackers

arbitrary commands

shell metacharacters

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.004

Percentile

75.2%

JSON

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.

Affected configurations

Nvd

Node

roundcubewebmailRange≤1.1rc

VendorProductVersionCPE
roundcubewebmail*cpe:2.3:a:roundcube:webmail:*:rc:*:*:*:*:*:*

Vendor	Product	Version	CPE
roundcube	webmail	*	cpe:2.3:a:roundcube:webmail::rc::::::*

References

www.securityfocus.com/bid/96387

github.com/roundcube/roundcubemail/issues/4757

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.004

Percentile

75.2%

JSON

Related for CVE-2015-2180