Homograph Attack Vulnerability in Roundcube Webmail by Roundcube
CVE-2019-15237

7.4HIGH

Key Information:

Vendor: Roundcube
Status: Webmail
Vendor: CVE Published:; 20 August 2019

What is CVE-2019-15237?

Roundcube Webmail versions up to 1.3.9 are susceptible to a vulnerability that improperly processes Punycode encoded domain names. This flaw can be exploited in homograph attacks, where deceptive domain names are played on visual similarities to trick users into clicking links that lead to malicious websites. It is crucial for users and administrators to update their Roundcube installations to mitigate these risks and enhance security.

References

https://github.com/roundcube/roundcubemail/issues/6891

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 20, 2019
Vulnerability Reserved
Aug 19, 2019