← Back

CVE-2011-3579

nvd nist
Published: Sep 30, 2011Modified: Apr 29, 2026

JSON object

Loading...
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:P
Exploitability: 10.0 / Impact: 4.9
Source: NVD

Description

server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.

Affected (20)

Products: Icewarp: Mail Server
Icewarp
1 product
Mail Server
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Icewarp
Mail Server
Up to 10.3.2
Mail Server
Version 10.0.3
Mail Server
Version 10.0.4
Mail Server
Version 10.0.7
Mail Server
Version 10.0.8
Mail Server
Version 10.1.1
Mail Server
Version 10.1.2
Mail Server
Version 10.1.3
Mail Server
Version 10.1.4
Mail Server
Version 10.2.0
Mail Server
Version 10.2.1
Mail Server
Version 10.2.2
Mail Server
Version 10.3.0
Mail Server
Version 10.3.1
Mail Server
Version 9.3.0
Mail Server
Version 9.3.1
Mail Server
Version 9.3.2
Mail Server
Version 9.4.0
Mail Server
Version 9.4.1
Mail Server
Version 9.4.2

Related CWEs

CWE-399
CWE-399

References (14)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.