CVE-2011-3579

Name of the Vulnerable Software and Affected Versions IceWarp Mail Server versions prior to 10.3.3

Description The issue allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service due to CPU and memory consumption. This is achieved via an XML external entity declaration in conjunction with an entity reference in the server/webmail.php file of IceWarp WebMail.

Recommendations For versions prior to 10.3.3, update to version 10.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the server/webmail.php file until the update is applied.