Arbitrary File Read Vulnerability in IceWarp Mail Server
CVE-2011-3579

Currently unrated

Key Information:

Vendor: IceWarp

CVE Published: 30 September 2011

What is CVE-2011-3579?

The webmail.php component of IceWarp Mail Server is susceptible to an arbitrary file read vulnerability caused by improper handling of XML external entities (XXE). This flaw could allow remote attackers to gain unauthorized access to sensitive files on the server. Additionally, this issue may enable attackers to initiate HTTP requests to internal network resources, potentially leading to denial of service by exhausting CPU and memory resources. Users of IceWarp Mail Server versions prior to 10.3.3 are strongly advised to upgrade to the latest version to mitigate these risks.

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
