IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 5019

Synopsis

The remote webmail server is vulnerable to multiple attack vectors.

Description

The remote host is running IcewWarp WebMail Server - a webmail server for Windows and Linux. According to its banner, the version of IceWarp installed on the remote host is earlier 9.4.2. Such versions are reportedly affected by multiple vulnerabilities :

-A SQL injection vulnerability in the search form of the web-based groupware component. (CVE-2009-1468)

-A cross-site scripting vulnerability exists because the application fails to properly sanitize HTML emails. An attacker can exploit this flaw through the 'cleanHTML()' function of the 'html/webmail/server/inc/tools.php' script. (CVE-2009-1467)

- A cross site-scripting vulnerability exists because the applciation fails to properly sanitize RSS feeds. An attacker can exploit this flaw through the 'cleanHTML()' function of the 'html/webmail/server/inc/rss/rss.php' script. (CVE-2009-1467)

- An input validation flaw in the 'Forgot Password' function on the login page. (CVE-2009-1469)

An attacker could exploit these flaws to steal sensitive information, upload files, or possibly execute arbitrary code subject to the privileges of the affected application.

Solution

Upgrading to IceWarp Merak WebMail Server version 9.4.2 or later reportedly resolves the issues.

See Also

http://www.nessus.org/u?590d8c68

Plugin Details

Severity: High

ID: 5019

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:icewarp:webmail_server

Reference Information

CVE: CVE-2009-1467, CVE-2009-1468, CVE-2009-1469

BID: 34820, 34823, 34825, 34827