Icewarp · Icewarp Web Mail · CVE-2011-3579
**Name of the Vulnerable Software and Affected Versions**
IceWarp Mail Server versions prior to 10.3.3
**Description**
The issue allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service due to CPU and memory consumption. This is achieved via an XML external entity declaration in conjunction with an entity reference in the server/webmail.php file of IceWarp WebMail.
**Recommendations**
For versions prior to 10.3.3, update to version 10.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the server/webmail.php file until the update is applied.