PT-2005-5227 · Icewarp · Icewarp Web Mail+2
Published: 2005-12-28 · Updated: 2018-10-19 · CVE-2005-4557
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IceWarp Web Mail version 5.5.1
Merak Mail Server version 8.3.0r
VisNetic Mail Server version 8.3.0 build 1
Description
The issue allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability. This could potentially lead to unauthorized access to sensitive information.
Recommendations
For IceWarp Web Mail version 5.5.1, consider restricting access to the dir/include.html file until a patch is available.
For Merak Mail Server version 8.3.0r, avoid using the lang parameter in the affected endpoint until the issue is resolved.
For VisNetic Mail Server version 8.3.0 build 1, restrict access to the vulnerable module to minimize the risk of exploitation.
As a temporary workaround, consider disabling the inclusion of local files via the lang parameter until a patch is available.
Exploit
Fix
Related identifiers
Affected products
Icewarp Web Mail
Merak Mail Server
Visnetic Mail Server
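
Until a patch is in place, web access logs can be checked for the condition in the Description: a decoded null byte or path characters in the lang parameter. The following is an added example, not part of the original advisory or of any vendor code; the log lines are constructed, the request path is a placeholder, and the language-tag pattern is an assumption about what legitimate values look like.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; addresses and paths are placeholders, not product paths.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /placeholder/page.html?lang=en HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2006:10:00:05 +0000] "GET /placeholder/page.html?lang=placeholder%00 HTTP/1.1" 200 9000',
    '192.0.2.44 - - [01/Jan/2006:10:00:09 +0000] "GET /placeholder/page.html?LANG=..%2Fplaceholder%00 HTTP/1.1" 200 9000',
    '192.0.2.10 - - [01/Jan/2006:10:00:12 +0000] "GET /placeholder/page.html?view=inbox&lang=pt-BR HTTP/1.1" 200 700',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumed shape of a legitimate value: a short language tag such as "en" or "pt-BR".
LANG_TAG_RE = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})?")


def lang_findings(line):
    """Return the reasons the lang parameter in one log line looks suspicious."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    findings = []
    query = urlsplit(match.group(1)).query
    # parse_qsl percent-decodes values, so %00 becomes a real NUL character here.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() != "lang":
            continue
        if "\x00" in value:
            findings.append("null byte")
        if ".." in value or "/" in value or "\\" in value:
            findings.append("path characters")
        if not findings and not LANG_TAG_RE.fullmatch(value):
            findings.append("not a language tag")
    return findings


def scan(lines):
    """Return (line number, findings) for every line with a suspicious lang value."""
    hits = []
    for number, line in enumerate(lines, 1):
        findings = lang_findings(line)
        if findings:
            hits.append((number, findings))
    return hits


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious lang value ({', '.join(findings)})")
```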