Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

IceWarp Mail Server 10.4.5 XSS / XXE Injection

🗓️ 25 Jun 2013 00:00:00Reported by V. PaulikasType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 61 Views

IceWarp Mail Server 10.4.5 XSS / XXE Injection, Critical Impact, Security Advisory 20130625-0, HTTP vulnerability, Exploitable URL, External XML Entities, Patch Available, Vendor Contact Log, Solution via Patch and Upgrade, Advisory UR

Code
`SEC Consult Vulnerability Lab Security Advisory < 20130625-0 >  
=======================================================================  
title: Multiple vulnerabilities in IceWarp Mail Server  
product: IceWarp Mail Server  
vulnerable version: <=10.4.5  
fixed version: 10.4.5-1  
impact: Critical  
homepage: http://www.icewarp.com  
found: 2013-05-28  
by: V. Paulikas  
SEC Consult Vulnerability Lab  
=======================================================================  
  
Vendor description:  
-------------------  
IceWarp Mail Server delivers a highly integrated solution, including Mail  
Server with dual Anti-Spam & Anti-Virus protection and available add on options  
including the IceWarp GroupWare Server, Instant Messaging Server, Text  
Messaging Server, a unified WebClient interface, full mobile device  
synchronization and much more.  
  
http://www.icewarp.com/  
  
  
Business recommendation:  
------------------------  
By exploiting the XXE vulnerability, an unauthenticated attacker can get  
read access to the filesystem of the IceWarp Mail Server host and thus obtain  
sensitive information such as the configuration files, etc. It is also  
possible to scan ports of the internal hosts and cause DoS on the affected host.  
  
  
Vulnerability overview/description:  
---------------------------------------------  
1) Cross-Site Scripting  
  
The web GUI is prone to reflected cross site scripting attacks. The  
vulnerability can be used to include HTML or JavaScript code in the affected  
web page. The code is executed in the browser of users if they visit the  
manipulated URL.  
  
  
2) XML External Entity Injection  
  
The used XML parser is resolving external XML entities which allows attackers  
to read files and send requests to systems on the internal network (e.g port  
scanning). The risk of this vulnerability is highly increased by the fact  
that it can be exploited by anonymous users without existing user accounts.  
  
  
Proof of concept:  
-----------------  
Detailed proof of concept URLs or exploit code have been removed from this  
advisory.  
  
1) A cross site scripting vulnerability can be exploited by tricking the user  
into accessing a specially crafted URL. This vulnerability was identified in  
the following scripts:  
  
/webmail/calendar/index.html  
/admin/tools/svnparser.html  
  
  
2) The unauthenticated XML External Entity Injection vulnerability can be  
exploited by issuing a specially crafted HTTP POST request to the /rpc/gw.html  
script.  
The /rpc/api.html script was also identified to be vulnerable to XML external  
Entity Injection, but for successful exploitation valid administrator  
credentials are necessary.  
  
  
Vulnerable / tested versions:  
-----------------------------  
The vulnerabilities have been verified to exist in the IceWarp Mail Server  
version 10.4.5, which was the most recent version at the time of discovery.  
  
  
Vendor contact log:  
------------------------  
2013-06-07: Contacting vendor through [email protected]  
2013-06-07: Initial vendor response  
2013-06-07: Forwarding security advisory to vendor  
2013-06-07: Vendor acknowledges that the advisory was received  
2013-06-11: Vendor releases the patch  
2013-06-25: SEC Consult releases coordinated security advisory.  
  
  
Solution:  
---------  
IceWarp customers running version 10.4.5 may apply a patch available  
via http://www.icewarp.com/download/patches/10.4.5/html.zip  
  
Customers using the older versions are recommended to upgrade to  
IceWarp Server 10.4.5-1.  
  
The file /admin/tools/svnparser.html is recommended to be removed  
as it is not necessary for the admin panel anymore.  
  
Advisory URL:  
-------------  
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
SEC Consult Vulnerability Lab  
  
SEC Consult  
Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius  
  
Headquarter:  
Mooslackengasse 17, 1190 Vienna, Austria  
Phone: +43 1 8903043 0  
Fax: +43 1 8903043 15  
  
Mail: research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: http://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult  
  
EOF V. Paulikas / @2013  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Jun 2013 00:00Current
7.4High risk
Vulners AI Score7.4
icewarpmail serverxssxxe injectionsecurity advisoryvulnerabilitycritical impacthttpexploitable urlexternal entitiespatchvendor contactsolutionupgradeadvisory url
61