CVE-2005-4559

EXPLOITED

IceWarp Web Mail 5.5.1 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2005-4559 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Tan Chew Keong.

AI-analyzed exploit summary This exploit leverages an input-validation vulnerability in IceWarp Universal WebMail to include arbitrary local or remote files, potentially leading to remote code execution (RCE) in the context of the webserver process. The provided URL demonstrates a path traversal and file inclusion attack.

Description

mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tan Chew Keong · textwebappsphp

https://www.exploit-db.com/exploits/26984

View Code ZIP pw:eip

This exploit leverages an input-validation vulnerability in IceWarp Universal WebMail to include arbitrary local or remote files, potentially leading to remote code execution (RCE) in the context of the webserver process. The provided URL demonstrates a path traversal and file inclusion attack.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: IceWarp Universal WebMail (integrated in Merak Mail Server 8.3.0.r and VisNetic MailServer 8.3.0 build 1)

No auth needed

Prerequisites: Network access to the vulnerable webmail interface

MITRE ATT&CK