Description
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by RedTeam Pentesting GmbH · pythonwebappsphp
https://www.exploit-db.com/exploits/32986
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54229
Exploit x_refsource_misc
http://www.redteam-pentesting.de/advisories/rt-sa-2009-004
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34827
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503227/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1253
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022166
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50332
Scores
EPSS
0.0549
EPSS Percentile
90.3%
Details
CWE
CWE-94
Status
published
Products (50)
icewarp/email_server
2.10.105
icewarp/email_server
2.10.110
icewarp/email_server
2.10.115
icewarp/email_server
2.10.140
icewarp/email_server
2.10.150
icewarp/email_server
2.10.165
icewarp/email_server
2.10.170
icewarp/email_server
2.10.190
icewarp/email_server
2.10.200
icewarp/email_server
2.10.210
... and 40 more
Published
May 05, 2009
Tracked Since
Feb 18, 2026