Vulnerabilities > CVE-2011-3579 - Resource Management Errors vulnerability in Icewarp Mail Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | IceWarp Mail Server 10.3.2 server/webmail.php Soap Message Parsing Remote Arbitrary File Disclosure. CVE-2011-3579. Webapps exploit for php platform |
| id | EDB-ID:36165 |
| last seen | 2016-02-04 |
| modified | 2011-09-24 |
| published | 2011-09-24 |
| reporter | David Kirkpatrick |
| source | https://www.exploit-db.com/download/36165/ |
| title | IceWarp Mail Server 10.3.2 server/webmail.php Soap Message Parsing Remote Arbitrary File Disclosure |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/105320/TWSL2011-013.txt |
| id | PACKETSTORM:105320 |
| last seen | 2016-12-05 |
| published | 2011-09-23 |
| reporter | trustwave.com |
| source | https://packetstormsecurity.com/files/105320/IceWarp-Mail-Server-Injection-Information-Disclosure.html |
| title | IceWarp Mail Server Injection / Information Disclosure |
References
- http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html
- http://securityreason.com/securityalert/8404
- http://securitytracker.com/id?1026093
- http://www.osvdb.org/75721
- http://www.securityfocus.com/bid/49753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70025
- https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt