Roundcube Community Forum

Miscellaneous => Roundcube Discussion => Topic started by: winstonhong on June 30, 2015, 04:20:24 PM

Title: Roundcube Vulnerability scanned by RIPS and CVE
Post by: winstonhong on June 30, 2015, 04:20:24 PM
Hello Roundcube team.

Thank you very much for your wonderful product.

When I investigated the vulnerability of web applications, I found a potential PHP vulnerability in Roundcube.

Would you please try the following 3 approaches to test the vulnerability of Roundcube? Thanks.

(1) Security Vulnerability of Roundcube reported by CVE

http://www.cvedetails.com/vulnerability-list/vendor_id-8905/Roundcube.html

(2) Scan Roundcube source code using RIPS

http://rips-scanner.sourceforge.net/

(3) Scan Roundcube source code using PHP-Vulnerability-test-suite

https://github.com/stivalet/PHP-Vulnerability-test-suite


In the meantime, we will try to scan the Roundcube webmail server using the following general approaches. We will report our results to you.

http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/

Thank you for your attention.

Best regards,

Winston Hong

Title: Re: Roundcube Vulnerability scanned by RIPS and CVE
Post by: SKaero on June 30, 2015, 06:24:04 PM
All known vulnerabilities in Roundcube have been patched; make sure you're testing the latest Roundcube version. If you do find any new vulnerabilities in the current version of Roundcube, please report them.