MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Web_mail | Icewarp | 5.3.0 (including) | 5.3.0 (including) |
| Mail_server | Merak | 7.6.0 (including) | 7.6.0 (including) |