| Title | Icewarp Mail Server 10.1.3/10.2.0 Directory Traversal |
|---|
| Description | CVE-2010-5335
> [Suggested description]
> IceWarp Webclient before 10.2.1 has a directory traversal
> vulnerability. This can result in loss of
> confidential data of IceWarp Mailserver and the operating system. Input
> passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can
> therefore be exploited to browse the partition where IceWarp is
> installed (or the whole system) and read arbitrary files.
>
> ------------------------------------------
>
> [Additional Information]
> The vulnerability was found in 2010, but no CVE-ID was requested at that time.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Directory Traversal
>
> ------------------------------------------
>
> [Vendor of Product]
> IceWarp
>
> ------------------------------------------
>
> [Affected Product Code Base]
> IceWarp Webclient - 10.1.3
> IceWarp Webclient - 10.2.0
>
> ------------------------------------------
>
> [Affected Component]
> File: http[s]://host/webmail/basic/index.html (Parameter: _c), File: http[s]://host/webmail/basic/minimizer/index.php (Parameter: script)
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Reference]
> https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601
> https://vuldb.com/?id.142994
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Ron Ott/Michael Schneider/Thomas Wittmann
|
|---|
| User | misc (UID 3) |
|---|
| Submission | 2019-10-11 12:51 PM (7 years ago) |
|---|
| Moderation | 2019-10-11 01:41 PM (51 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 143374 [Icewarp Mail Server 10.1.3/10.2.0 index.php script directory traversal] |
|---|
| Points | 17 |
|---|