PT-2005-5229 · Icewarp · Icewarp Web Mail

Tan Chew Keong · Published 2005-12-28 · Updated 2018-10-19 · CVE-2005-4559

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IceWarp Web Mail version 5.5.1
Merak Mail Server version 8.3.0r
VisNetic Mail Server version 8.3.0 build 1

Description

The issue arises from the improper initialization of the default_layout and layout_settings variables in mail/include.html when an unrecognized HTTP_USER_AGENT string is provided. This allows remote attackers to access arbitrary files by sending a request with an unrecognized User Agent and specifying the desired default_layout and layout_settings parameters.

Recommendations

For IceWarp Web Mail version 5.5.1, update the software to properly handle unrecognized HTTP_USER_AGENT strings and initialize the default_layout and layout_settings variables securely.
For Merak Mail Server version 8.3.0r, restrict access to the mail/include.html file until a secure update is available.
For VisNetic Mail Server version 8.3.0 build 1, avoid using unrecognized User Agent strings and ensure that the default_layout and layout_settings parameters are validated before processing requests.


Related identifiers

CVE-2005-4559

Affected products

Icewarp Web Mail
Merak Mail Server
Visnetic Mail Server