[Pkg-roundcube-maintainers] Bug#508628: roundcube: remote code execution vuln in html2text.php, uses preg_replace with "e".
Florian Weimer
fw at deneb.enyo.de
Sat Dec 13 18:28:56 UTC 2008
* Andreas Henriksson:
> my.host.name 200.171.152.187 - - [08/Dec/2008:18:36:54 +0100] "POST //roundcube/bin/html2text.php HTTP/1.1" 200 83 "-" "Googlebot/2.1 ( http://www.google.com/bot.html)"
> my.host.name 200.171.152.187 - - [08/Dec/2008:18:37:03 +0100] "POST //roundcube/bin/html2text.php HTTP/1.1" 200 79 "-" "Googlebot/2.1 ( http://www.google.com/bot.html)"
> my.host.name 200.171.152.187 - - [08/Dec/2008:18:37:29 +0100] "POST //roundcube/bin/html2text.php HTTP/1.1" 200 88 "-" "Googlebot/2.1 ( http://www.google.com/bot.html)"
This might be unrelated.
Could we get more logs from a larger timespan, including error logs?
More information about the Pkg-roundcube-maintainers
mailing list