
Test ID: 1.3.6.1.4.1.25623.1.0.114003
Category: Web application abuses
Title: IceWarp Mail Server < 11.2 Unauthenticated Directory Traversal Vulnerability
Summary: IceWarp Mail Server is prone to an unauthenticated directory traversal vulnerability.
Description: Summary:
IceWarp Mail Server is prone to an unauthenticated directory
traversal vulnerability.

Vulnerability Insight:
The unauthenticated Directory Traversal vulnerability can be
exploited by issuing a specially crafted HTTP GET request to the
/webmail/client/skins/default/css/css.php file. Directory Traversal is a vulnerability which
allows attackers to access restricted directories and execute commands outside of the web server's
root directory.

This vulnerability affects /-.._._.--.._1416610368/webmail/client/skins/default/css/css.php, where the
first path segment is variable, depending on the installation, and has to be checked in the page source.

Vulnerability Impact:
Successful exploitation allows attackers to access restricted
directories and execute commands outside of the web server's root directory.

Affected Software/OS:
IceWarp Mail Server prior to 11.2.

Solution:
Update to version 11.2 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-1503
https://www.exploit-db.com/exploits/44587/
http://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-001/?fid=5614
Copyright: Copyright (C) 2018 Greenbone Networks GmbH
