Vulnerability Details CVE-2011-3579
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.163
EPSS Ranking 94.5%
CVSS Severity
CVSS v2 Score 6.4
References
- http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html
- http://securityreason.com/securityalert/8404
- http://securitytracker.com/id?1026093
- http://www.osvdb.org/75721
- http://www.securityfocus.com/bid/49753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70025
- https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt
- http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html
- http://securityreason.com/securityalert/8404
- http://securitytracker.com/id?1026093
- http://www.osvdb.org/75721
- http://www.securityfocus.com/bid/49753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70025
- https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt
Products affected by CVE-2011-3579
-
cpe:2.3:a:icewarp:mail_server:10.0.3
-
cpe:2.3:a:icewarp:mail_server:10.0.4
-
cpe:2.3:a:icewarp:mail_server:10.0.5
-
cpe:2.3:a:icewarp:mail_server:10.0.6
-
cpe:2.3:a:icewarp:mail_server:10.0.7
-
cpe:2.3:a:icewarp:mail_server:10.0.8
-
cpe:2.3:a:icewarp:mail_server:10.1.0
-
cpe:2.3:a:icewarp:mail_server:10.1.1
-
cpe:2.3:a:icewarp:mail_server:10.1.2
-
cpe:2.3:a:icewarp:mail_server:10.1.3
-
cpe:2.3:a:icewarp:mail_server:10.1.4
-
cpe:2.3:a:icewarp:mail_server:10.2.0
-
cpe:2.3:a:icewarp:mail_server:10.2.1
-
cpe:2.3:a:icewarp:mail_server:10.2.2
-
cpe:2.3:a:icewarp:mail_server:10.3.0
-
cpe:2.3:a:icewarp:mail_server:10.3.1
-
cpe:2.3:a:icewarp:mail_server:10.3.2
-
cpe:2.3:a:icewarp:mail_server:9.3.0
-
cpe:2.3:a:icewarp:mail_server:9.3.1
-
cpe:2.3:a:icewarp:mail_server:9.3.2
-
cpe:2.3:a:icewarp:mail_server:9.4.0
-
cpe:2.3:a:icewarp:mail_server:9.4.1
-
cpe:2.3:a:icewarp:mail_server:9.4.2