Vulnerability Details : CVE-2010-5335
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script, sent to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2010-5335
Probability of exploitation activity in the next 30 days: 0.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 %
CVSS scores for CVE-2010-5335
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N | 10.0 | 6.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |
CWE ids for CVE-2010-5335
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-5335
- https://www.gosecurity.ch/fachartikel/168-gosecurity-advisory-2010120601 : goSecurity - Advisory 2010120601 - goSecurity AG (Third Party Advisory)
- https://vuldb.com/?id.142994 : CVE-2010-5334 | Icewarp Mail Server Webmail Interface index.html path traversal (Advisory 2010120601) (Third Party Advisory)
Products affected by CVE-2010-5335
- cpe:2.3:a:icewarp:webclient:*:*:*:*:*:*:*:*