| VID |
22341 |
| Severity |
30 |
| Port |
4096,32000 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
A version of IceWarp Web Mail which is older than version 5.3.0 is detected as running on the host. IceWarp Web Mail is a Web mail server for Microsoft Windows platforms. IceWarp versions prior to 5.3.0 are vulnerable to multiple vulnerabilities as follows:
1) Multiple cross-site scripting vulnerabilities in "accountsettings.html" and "search.html".
2) An unspecified vulnerability in "view.html".
3) Arbitrary direction creation vulnerability in "viewaction.html" and "folders.html".
4) Information disclosure vulnerability in "accountsettings_add.html", "topmenu.html" and "attachment.html".
* Note: This check solely relied on the version number of the remote IceWarp Web Mail server to assess this vulnerability, so this might be a false positive.
* References:
http://secunia.com/advisories/12789/
* Platforms Affected:
IceWarp Software, IceWarp versions prior to 5.3.0
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of IceWarp Web Mail (5.3.0 or later), available from the IceWarp Download Web page at http://www.icewarp.com/ |
| Related URL |
CVE-2004-1669,CVE-2004-1670,CVE-2004-1671,CVE-2004-1672 (CVE) |
| Related URL |
11371 (SecurityFocus) |
| Related URL |
17314,17315,17316,17689,17690 (ISS) |
|
