Lucene search

MitreCVE-2010-5334

HistoryOct 11, 2019 - 11:15 a.m.

CVE-2010-5334

2019-10-1111:15:08

CWE-22

mitre

web.nvd.nist.gov

icewarp

webclient

directory traversal

vulnerability

2010

cve-2010-5334

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

Affected configurations

Nvd

Node

icewarpwebclientRange10.0–10.2.1

VendorProductVersionCPE
icewarpwebclient*cpe:2.3:a:icewarp:webclient:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icewarp	webclient	*	cpe:2.3:a:icewarp:webclient::::::::

References

vuldb.com/?id.142994

www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON

Related for CVE-2010-5334