CVE-2011-3579

Published Sep 30, 2011

Last updated 7 years ago

Overview

Description: server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-399

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E11FB6B8-D2E7-4F76-B38C-FF90517A6EFF",
            "versionEndIncluding": "10.3.2"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:9.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22B17040-1D48-4BCC-8AB8-CE275630AB92"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:9.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF60A80C-6148-4234-87F7-9E5226C05293"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:9.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC90647F-D741-436E-812D-950A0A69AE28"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:9.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7603560-8C55-4A46-BE89-BB2D03F5B111"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:9.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B56EBDA-600D-4091-BF31-717DAC195EBC"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:9.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E50E0941-3BDD-496A-A533-181C50C315AF"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE9442E4-0468-4FAD-8470-A89BB6DEF8EB"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D52315B-50BA-447A-85D2-1119CA464B78"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20816B82-986E-44F1-9188-34A1827231C5"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12060349-5779-435C-BDC9-4ECDA6277BA3"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D7BF916-C278-435C-8E8E-5F67BDC1DB48"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99FE1579-35EC-4C6C-A63A-E3DBC0F7FD72"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A72083C1-0045-4929-B705-0610C5E0CA17"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5316DDD8-84F0-4F1B-8A6C-FFFAF78C0686"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75359877-B017-47A5-9ADE-9B9FDEBB3F1F"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64D4A427-889F-4928-B535-636A2A7D85AB"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51F02A0D-378E-4150-B105-B826B6AC1553"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3C8D192-0E1A-4379-995A-B294E2FD1EB2"
          },
          {
            "criteria": "cpe:2.3:a:icewarp:mail_server:10.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2ADA889-C52D-4C80-96EB-834489654614"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References