Information disclosure in Icewarp Mail_server
CVE-2011-3580
IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.
Vulnerability class: Information Disclosure
EPSS: 0.016 (72.9th percentile) — read the EPSS interpretation.
Affected products
- Icewarp Mail_server — versions 9.3.0, 9.3.1, 9.3.2
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (mailing-list, Exploit, x_refsource_BUGTRAQ)
- cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_SREASON, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)