Submit #95: Icewarp Mail Server 10.1.3/10.2.0 Directory Traversal

Title: Icewarp Mail Server 10.1.3/10.2.0 Directory Traversal

Description: CVE-2010-5335

> [Suggested description]
> IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
>
> ------------------------------------------
>
> [Additional Information]
> The vulnerability was found in 2010, but no CVE-ID was requested at that time.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Directory Traversal
>
> ------------------------------------------
>
> [Vendor of Product]
> IceWarp
>
> ------------------------------------------
>
> [Affected Product Code Base]
> IceWarp Webclient - 10.1.3
> IceWarp Webclient - 10.2.0
>
> ------------------------------------------
>
> [Affected Component]
> File: http[s]://host/webmail/basic/index.html (Parameter: _c), File: http[s]://host/webmail/basic/minimizer/index.php (Parameter: script)
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Reference]
> https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601
> https://vuldb.com/?id.142994
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Ron Ott/Michael Schneider/Thomas Wittmann
User: misc (UID 3)
Submission: 10/11/2019 12:51 (7 years ago)
Moderation: 10/11/2019 13:41 (51 minutes later)
Status: Accepted
VulDB entry: 143374 [Icewarp Mail Server 10.1.3/10.2.0 index.php script path traversal]
Points: 17
