Submit #95: Icewarp Mail Server 10.1.3/10.2.0 Directory Traversal

Title: Icewarp Mail Server 10.1.3/10.2.0 Directory Traversal
Description: CVE-2010-5335
> [Suggested description]
> IceWarp Webclient before 10.2.1 has a directory traversal
> vulnerability. This can result in loss of
> confidential data of IceWarp Mailserver and the operating system. Input
> passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can
> therefore be exploited to browse the partition where IceWarp is
> installed (or the whole system) and read arbitrary files.
>
> ------------------------------------------
>
> [Additional Information]
> The vulnerability was found in 2010, but no CVE-ID was requested at that time.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Directory Traversal
>
> ------------------------------------------
>
> [Vendor of Product]
> IceWarp
>
> ------------------------------------------
>
> [Affected Product Code Base]
> IceWarp Webclient - 10.1.3
> IceWarp Webclient - 10.2.0
>
> ------------------------------------------
>
> [Affected Component]
> File: http[s]://host/webmail/basic/index.html (Parameter: _c), File: http[s]://host/webmail/basic/minimizer/index.php (Parameter: script)
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Reference]
> https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601
> https://vuldb.com/?id.142994
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Ron Ott/Michael Schneider/Thomas Wittmann
User: misc (UID 3)
Submission: 11/10/2019 12:51 (7 years ago)
Moderation: 11/10/2019 13:41 (51 minutes later)
Status: Accepted
VulDB Entry: 143374 [Icewarp Mail Server 10.1.3/10.2.0 index.php script Directory Traversal]
Points: 17
