Vulnerability CVE-2015-1503


Published: 2018-05-08

Description:
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
IceWarp Mail Server < 11.1.1 Directory Traversal
Piotr Karolak
04.05.2018

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Vendor: Icewarp
Product: Mail server 
Version:
9.4.2
9.4.1
9.4.0
9.3.2
9.3.1
11.1.2
11.1.1
11.1.0
11.0.1
11.0.0
10.4.5
10.4.4
10.4.3
10.4.2
10.4.1
10.4.0
10.3.5
10.3.4
10.3.3
10.3.2
10.3.1
10.3.0
10.2.2
10.2.1
10.2.0
10.1.4
10.1.3
10.1.2
10.1.1
10.1.0
10.0.8
10.0.7
10.0.6
10.0.5
10.0.4
10.0.3

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None

 References:
http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html
https://www.exploit-db.com/exploits/44587/
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614

Related CVE
CVE-2017-7855
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
CVE-2017-12844
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
CVE-2011-3580
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
CVE-2011-3579
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML exte...
CVE-2009-1516
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncod...
CVE-2009-1468
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and ...
CVE-2009-1469
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences prece...
CVE-2009-1467
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filt...

Copyright 2018, cxsecurity.com

 

Back to Top