CVE-2011-3580

IceWarp Mail Server <10.3.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.

References (7)

Core 7
Core References
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2011-09/0145.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49753
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/75722
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/70026
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8404
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1026093

Scores

EPSS 0.0161
EPSS Percentile 73.1%

Details

CWE
CWE-200
Status published
Products (20)
icewarp/mail_server 9.3.0
icewarp/mail_server 9.3.1
icewarp/mail_server 9.3.2
icewarp/mail_server 9.4.0
icewarp/mail_server 9.4.1
icewarp/mail_server 9.4.2
icewarp/mail_server 10.0.3
icewarp/mail_server 10.0.4
icewarp/mail_server 10.0.7
icewarp/mail_server 10.0.8
... and 10 more
Published Sep 30, 2011
Tracked Since Feb 18, 2026