header-logo
Suggest Exploit
vendor:
Round Cube
by:
Unknown
5.5
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: Round Cube
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Round Cube Installation Path Disclosure

Round Cube reveals its installation path in an error message output to the client, which can be useful for attackers in other attacks against the target server. The trigger for this behavior is not clear and may be dependent on web-server or script configuration settings.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15920/info

Round Cube will reportedly reveal its installation path in an error message output to the client. The filesystem layout can be sensitive information that is useful in other attacks against the target server. The trigger for this behavior is not clear; it may occur whenever a script fails and may be dependent on web-server or script configuration settings. 

Requesting this link:

http://xxxx.com/roundcube/?_auth=cf559dcf52d8801ccd51cd1f3ba3eca08d1b0bce= &_task=ma%60il

Caused this error message:

**PHP Error in /usr/local/apache2/htdocs/roundcube/index.php (301)*:* Invalid request failed/file not found

Navigation

Suggest Exploit

Services By CQR