CVE-2015-1503
IceWarp Mail Server < 11.1.1 - Directory Traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
Múltiples vulnerabilidades de salto de directorio en IceWarp Mail Server en versiones anteriores a la 11.2 permiten que atacantes remotos lean archivos arbitrarios mediante (1) un .. (punto punto) en el parámetro file en una página webmail/client/skins/default/css/css.php o .../. (punto punto punto barra punto) en los parámetros (2) script o (3) style en webmail/old/calendar/minimizer/index.php.
IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-06 CVE Reserved
- 2018-05-04 CVE Published
- 2023-12-26 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Icewarp Search vendor "Icewarp" | Mail Server Search vendor "Icewarp" for product "Mail Server" | < 11.2.0 Search vendor "Icewarp" for product "Mail Server" and version " < 11.2.0" | - |
Affected
| ||||||