{"alias":[],"description":"include\/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.","epss":{"percentile":"0.75152","score":"0.008590"},"id":"CVE-2011-4078","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"LOW","access_vector":"NETWORK","authentication":"NONE","availability_impact":"PARTIAL","base_score":5.0,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":10.0,"impact_score":2.9,"integrity_impact":"NONE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":0,"vector_string":"AV:N\/AC:L\/Au:N\/C:N\/I:N\/A:P","version":"2.0"}},"modified":"2026-04-29T01:13:23","nvd_status":"Modified","published":"2011-11-03T15:55:00","score":5.0,"severity":"MEDIUM","source":"secalert@redhat.com","status":"PUBLISHED","weaknesses":[{"id":"CWE-399","name":"Resource Management Errors","type":"category"}]}