IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?id.142994 | Third Party Advisory |
| https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601 | Third Party Advisory |
| https://vuldb.com/?id.142994 | Third Party Advisory |
| https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601 | Third Party Advisory |
Configurations
History
21 Nov 2024, 01:23
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://vuldb.com/?id.142994 - Third Party Advisory | |
| References | () https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601 - Third Party Advisory |
Information
Published : 2019-10-11 11:15
Updated : 2024-11-21 01:23
NVD link : CVE-2010-5335
Mitre link : CVE-2010-5335
CVE.ORG link : CVE-2010-5335
JSON object : View
Products Affected
icewarp
- webclient
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')