Ticket #1484701 (closed Bugs: fixed)

Opened 9 months ago

Last modified 2 months ago

RoundCube Webmail CSS Expression Input Validation Vulnerability

Reported by: pomdapi Owned by:
Priority: 5 Milestone: 0.2-alpha
Component: Security issue Version: 0.1-rc2
Severity: normal Keywords:
Cc:

Description

Hello.

http://www.securityfocus.com/bid/26800 POC: http://www.securityfocus.com/data/vulnerabilities/exploits/26800.eml

Regards, pomdapi

Change History

Changed 8 months ago by thomasb

  • severity changed from critical to normal

Htmlpurifier (#1484584) should finally fix this.

It's not too critical since HTML mails can be disabled.

Changed 8 months ago by limburgher

Is this fixed in rc2, or will there be a new release with the fix?

Changed 7 months ago by chasd

My tests using the examples at http://openmya.hacker.jp/hasegawa/security/expression.txt show that HTMLPurifier will not solve this issue ( either version 2.1.3 for PHP4 or 3.0.0 for PHP5 ). My tests indicate a filter like the one at http://quickwired.com/smallprojects/php_xss_filter_function.php works better, but still needs some changes to catch all the examples given by Hasegawa.

Changed 7 months ago by seansan

  • milestone set to 0.1.1

review in 0.1.1 or move to 02. beta

Changed 3 months ago by thomasb

  • status changed from new to closed
  • resolution set to fixed

Fixed in r1452

Changed 2 months ago by add

http://www.jp-wrought-iron.com.cn

Note: See TracTickets for help on using tickets.