CVE-2011-3580

IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.

Published: Sep 30, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-3580
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
icewarp / mail_server	10.2.0	10.2.0.x
icewarp / mail_server	10.1.1	10.1.1.x
icewarp / mail_server	9.4.0	9.4.0.x
icewarp / mail_server	10.2.1	10.2.1.x
icewarp / mail_server	10.0.4	10.0.4.x
icewarp / mail_server	10.0.7	10.0.7.x
icewarp / mail_server	9.4.2	9.4.2.x
icewarp / mail_server	9.3.1	9.3.1.x
icewarp / mail_server	10.3.0	10.3.0.x
icewarp / mail_server	9.3.2	9.3.2.x
icewarp / mail_server	9.4.1	9.4.1.x
icewarp / mail_server	9.3.0	9.3.0.x
icewarp / mail_server	10.0.8	10.0.8.x
icewarp / mail_server	-	10.3.2.x
icewarp / mail_server	10.1.2	10.1.2.x
icewarp / mail_server	10.0.3	10.0.3.x
icewarp / mail_server	10.3.1	10.3.1.x
icewarp / mail_server	10.1.3	10.1.3.x
icewarp / mail_server	10.2.2	10.2.2.x
icewarp / mail_server	10.1.4	10.1.4.x

Vulnerability Database

289,784

CVE-2011-3580