Information Exposure in IceWarp WebMail by IceWarp
CVE-2011-3580

Currently unrated

Key Information:

Vendor: Icewarp
Status: Mail Server
Vendor: CVE Published:; 30 September 2011

What is CVE-2011-3580?

IceWarp WebMail, part of the IceWarp Mail Server, is susceptible to a vulnerability that allows remote attackers to access sensitive configuration information. This is achieved through a direct request to the /server URI, which activates the phpinfo function, potentially disclosing critical server settings. This vulnerability highlights the importance of securing server endpoints to prevent unauthorized information disclosure.

References

http://archives.neohapsis.com/archives/bugtraq/2011-09/01...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/49753

vdb-entryx_refsource_BID

http://www.osvdb.org/75722

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2011
Vulnerability Reserved
Sep 21, 2011

JSON

Icewarp

What is CVE-2011-3580?

References

Timeline