Roundcube Log Disclosure

Roundcube files are sometimes publicly accessible files, which give an attacker information about the system, used to configure the application in question. These files may reveal sensitive information, such as usernames and passwords, which can allow an attacker to gain access to the system.

Impact

Attackers may, therefore, be able to gather information about the server configuration, application version and computer, which can be used to launch more sophisticated attacks.

Solution

If possible, remove all log files from public folders.