CVE Vulnerabilities

CVE-2011-3579

Published: Sep 30, 2011 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.

Affected Software

Name Vendor Start Version End Version
Mail_server Icewarp 10.2.0 10.2.0
Mail_server Icewarp 10.1.1 10.1.1
Mail_server Icewarp 9.4.0 9.4.0
Mail_server Icewarp 10.2.1 10.2.1
Mail_server Icewarp 10.0.4 10.0.4
Mail_server Icewarp 10.0.7 10.0.7
Mail_server Icewarp 9.4.2 9.4.2
Mail_server Icewarp 9.3.1 9.3.1
Mail_server Icewarp 10.3.0 10.3.0
Mail_server Icewarp 9.3.2 9.3.2
Mail_server Icewarp 9.4.1 9.4.1
Mail_server Icewarp 9.3.0 9.3.0
Mail_server Icewarp 10.0.8 10.0.8
Mail_server Icewarp * 10.3.2
Mail_server Icewarp 10.1.2 10.1.2
Mail_server Icewarp 10.0.3 10.0.3
Mail_server Icewarp 10.3.1 10.3.1
Mail_server Icewarp 10.1.3 10.1.3
Mail_server Icewarp 10.2.2 10.2.2
Mail_server Icewarp 10.1.4 10.1.4

References