CVE-2010-5334
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-10-11 CVE Reserved
- 2019-10-11 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.142994 | Not Applicable | |
https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601 | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Icewarp | Webclient | >= 10.0 < 10.2.1 | - | Affected |