PT-2005-5054 · Roundcube · Roundcube Webmail

Published: 2005-12-20 · Updated: 2018-10-19 · CVE-2005-4368

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Roundcube Webmail Alpha

Description

The issue allows remote attackers to obtain the full path of the application via an invalid task parameter. This occurs when the default high verbose level is set, specifically with $rcmail_config['debug_level'] equal to 1. The path is leaked in an error message.

Recommendations

For Roundcube Webmail Alpha, consider setting $rcmail_config['debug_level'] to a lower value to minimize the amount of information disclosed in error messages. As a temporary workaround, restrict access to the application to minimize the risk of path disclosure until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2005-4368

Affected Products

Roundcube Webmail