MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Web_mail | Icewarp | 5.3.0 (including) | 5.3.0 (including) |
| Mail_server | Merak | 7.6.0 (including) | 7.6.0 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=110693950205007\u0026w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19152
- http://marc.info/?l=bugtraq\u0026m=110693950205007\u0026w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19152