Required CVE Record Information
Description
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
References 7 Total
- archives.neohapsis.com: 20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server mailing-list
- securityfocus.com: 49753 vdb-entry
- https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt
- exchange.xforce.ibmcloud.com: icewarpwebmail-xml-info-disclosure(70025) vdb-entry
- securityreason.com: 8404 third-party-advisory
- osvdb.org: 75721 vdb-entry
- securitytracker.com: 1026093 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- archives.neohapsis.com: 20110923 TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server mailing-listx_transferred
- securityfocus.com: 49753 vdb-entryx_transferred
- https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt x_transferred
- exchange.xforce.ibmcloud.com: icewarpwebmail-xml-info-disclosure(70025) vdb-entryx_transferred
- securityreason.com: 8404 third-party-advisoryx_transferred
- osvdb.org: 75721 vdb-entryx_transferred
- securitytracker.com: 1026093 vdb-entryx_transferred