National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-1469)

National Cyber-Alert System

Vulnerability Summary for CVE-2009-1469

Original release date:05/05/2009

Last revised:05/16/2009

Source: US-CERT/NIST

Overview

CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: merak-forgot-password-header-injection(50332)

Hyperlink:http://xforce.iss.net/xforce/xfdb/50332

External Source: VUPEN

Name: ADV-2009-1253

Hyperlink:http://www.vupen.com/english/advisories/2009/1253

External Source: SECTRACK

Name: 1022166

Hyperlink:http://www.securitytracker.com/id?1022166

External Source: BID

Name: 34827

Hyperlink:http://www.securityfocus.com/bid/34827

External Source: BUGTRAQ

Name: 20090505 [RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/503227/100/0/threaded

External Source: MISC

Name: http://www.redteam-pentesting.de/advisories/rt-sa-2009-004

Hyperlink:http://www.redteam-pentesting.de/advisories/rt-sa-2009-004

External Source: OSVDB

Name: 54229

Hyperlink:http://osvdb.org/54229

Vulnerable software and versions

Configuration 1

* cpe:/a:icewarp:webmail_server:2.10.115

* cpe:/a:icewarp:webmail_server:2.10.150

* cpe:/a:icewarp:webmail_server:2.10.165

* cpe:/a:icewarp:webmail_server:2.10.105

* cpe:/a:icewarp:webmail_server:2.10.170

* cpe:/a:icewarp:webmail_server:2.10.200

* cpe:/a:icewarp:webmail_server:2.10.210

* cpe:/a:icewarp:webmail_server:2.10.220

* cpe:/a:icewarp:webmail_server:2.10.240

* cpe:/a:icewarp:webmail_server:2.10.250

* cpe:/a:icewarp:webmail_server:2.10.260

* cpe:/a:icewarp:webmail_server:2.10.310

* cpe:/a:icewarp:webmail_server:2.10.280

* cpe:/a:icewarp:webmail_server:2.10.290

* cpe:/a:icewarp:webmail_server:2.10.320

* cpe:/a:icewarp:webmail_server:2.10.330

* cpe:/a:icewarp:webmail_server:2.10.331

* cpe:/a:icewarp:webmail_server:2.10.340

* cpe:/a:icewarp:webmail_server:2.10.350

* cpe:/a:icewarp:webmail_server:3.00.100

* cpe:/a:icewarp:webmail_server:3.00.110

* cpe:/a:icewarp:webmail_server:3.00.120

* cpe:/a:icewarp:webmail_server:3.00.130

* cpe:/a:icewarp:webmail_server:3.00.140

* cpe:/a:icewarp:webmail_server:3.10.011

* cpe:/a:icewarp:webmail_server:3.10.110

* cpe:/a:icewarp:webmail_server:4.00.30

* cpe:/a:icewarp:webmail_server:4.10.040

* cpe:/a:icewarp:webmail_server:4.10.050

* cpe:/a:icewarp:webmail_server:4.2.1

* cpe:/a:icewarp:webmail_server:4.2.2

* cpe:/a:icewarp:webmail_server:4.2.3

* cpe:/a:icewarp:webmail_server:4.4.1

* cpe:/a:icewarp:webmail_server:4.4.2

* cpe:/a:icewarp:webmail_server:5.1.2

* cpe:/a:icewarp:webmail_server:5.1.3

* cpe:/a:icewarp:webmail_server:5.1.5

* cpe:/a:icewarp:webmail_server:5.3.2

* cpe:/a:icewarp:webmail_server:5.4.1

* cpe:/a:icewarp:webmail_server:5.4.2

* cpe:/a:icewarp:webmail_server:5.4.3

* cpe:/a:icewarp:webmail_server:5.4.4

* cpe:/a:icewarp:webmail_server:5.5.3

* cpe:/a:icewarp:webmail_server:5.5.4

* cpe:/a:icewarp:webmail_server:5.5.5

* cpe:/a:icewarp:webmail_server:5.5.6

* cpe:/a:icewarp:webmail_server:5.5.7

* cpe:/a:icewarp:webmail_server:5.7.3

* cpe:/a:icewarp:webmail_server:5.8.2

* cpe:/a:icewarp:webmail_server:5.8.3

* cpe:/a:icewarp:webmail_server:5.8.4

* cpe:/a:icewarp:webmail_server:5.8.5

* cpe:/a:icewarp:webmail_server:5.8.6

* cpe:/a:icewarp:webmail_server:5.9.4

* cpe:/a:icewarp:webmail_server:6.0.2

* cpe:/a:icewarp:webmail_server:6.0.3

* cpe:/a:icewarp:webmail_server:6.0.5

* cpe:/a:icewarp:webmail_server:6.0.7

* cpe:/a:icewarp:webmail_server:6.1.0

* cpe:/a:icewarp:webmail_server:6.2.1

* cpe:/a:icewarp:webmail_server:2.10.360

* cpe:/a:icewarp:webmail_server:7.0.1

* cpe:/a:icewarp:webmail_server:7.1.4

* cpe:/a:icewarp:webmail_server:7.1.6

* cpe:/a:icewarp:webmail_server:7.2.0

* cpe:/a:icewarp:webmail_server:7.4.0

* cpe:/a:icewarp:webmail_server:7.4.2

* cpe:/a:icewarp:webmail_server:7.4.5

* cpe:/a:icewarp:webmail_server:7.5.2

* cpe:/a:icewarp:webmail_server:7.6.0

* cpe:/a:icewarp:webmail_server:7.6.4

* cpe:/a:icewarp:webmail_server:8.0.1

* cpe:/a:icewarp:webmail_server:8.0.3

* cpe:/a:icewarp:webmail_server:8.0.2

* cpe:/a:icewarp:webmail_server:8.2.0

* cpe:/a:icewarp:webmail_server:8.2.2

* cpe:/a:icewarp:webmail_server:8.3.5

* cpe:/a:icewarp:webmail_server:8.3.8

* cpe:/a:icewarp:webmail_server:8.5.0

* cpe:/a:icewarp:webmail_server:8.9.1

* cpe:/a:icewarp:webmail_server:9.0.0

* cpe:/a:icewarp:webmail_server:9.1.0

* cpe:/a:icewarp:webmail_server:9.3.0 and previous versions

* cpe:/a:icewarp:webmail_server:2.10.110

* cpe:/a:icewarp:webmail_server:9.2.0

* cpe:/a:icewarp:webmail_server:2.10.140

* cpe:/a:icewarp:webmail_server:2.10.190

* cpe:/a:icewarp:webmail_server:5.3.0

* cpe:/a:icewarp:email_server:2.10.105

* cpe:/a:icewarp:email_server:2.10.110

* cpe:/a:icewarp:email_server:2.10.115

* cpe:/a:icewarp:email_server:2.10.140

* cpe:/a:icewarp:email_server:2.10.150

* cpe:/a:icewarp:email_server:2.10.165

* cpe:/a:icewarp:email_server:2.10.170

* cpe:/a:icewarp:email_server:2.10.190

* cpe:/a:icewarp:email_server:2.10.200

* cpe:/a:icewarp:email_server:2.10.210

* cpe:/a:icewarp:email_server:2.10.220

* cpe:/a:icewarp:email_server:2.10.240

* cpe:/a:icewarp:email_server:2.10.250

* cpe:/a:icewarp:email_server:2.10.260

* cpe:/a:icewarp:email_server:2.10.280

* cpe:/a:icewarp:email_server:2.10.290

* cpe:/a:icewarp:email_server:2.10.310

* cpe:/a:icewarp:email_server:2.10.320

* cpe:/a:icewarp:email_server:2.10.330

* cpe:/a:icewarp:email_server:2.10.331

* cpe:/a:icewarp:email_server:2.10.340

* cpe:/a:icewarp:email_server:2.10.350

* cpe:/a:icewarp:email_server:2.10.360

* cpe:/a:icewarp:email_server:3.00.100

* cpe:/a:icewarp:email_server:3.00.110

* cpe:/a:icewarp:email_server:3.00.120

* cpe:/a:icewarp:email_server:3.00.130

* cpe:/a:icewarp:email_server:3.00.140

* cpe:/a:icewarp:email_server:3.10.011

* cpe:/a:icewarp:email_server:3.10.110

* cpe:/a:icewarp:email_server:4.00.30

* cpe:/a:icewarp:email_server:4.10.040

* cpe:/a:icewarp:email_server:4.10.050

* cpe:/a:icewarp:email_server:4.2.1

* cpe:/a:icewarp:email_server:4.2.2

* cpe:/a:icewarp:email_server:4.2.3

* cpe:/a:icewarp:email_server:4.4.1

* cpe:/a:icewarp:email_server:4.4.2

* cpe:/a:icewarp:email_server:5.1.2

* cpe:/a:icewarp:email_server:5.1.3

* cpe:/a:icewarp:email_server:5.1.5

* cpe:/a:icewarp:email_server:5.3.0

* cpe:/a:icewarp:email_server:5.3.2

* cpe:/a:icewarp:email_server:5.4.1

* cpe:/a:icewarp:email_server:5.4.2

* cpe:/a:icewarp:email_server:5.4.3

* cpe:/a:icewarp:email_server:5.4.4

* cpe:/a:icewarp:email_server:5.5.3

* cpe:/a:icewarp:email_server:5.5.4

* cpe:/a:icewarp:email_server:5.5.5

* cpe:/a:icewarp:email_server:5.5.6

* cpe:/a:icewarp:email_server:5.5.7

* cpe:/a:icewarp:email_server:5.7.3

* cpe:/a:icewarp:email_server:5.8.2

* cpe:/a:icewarp:email_server:5.8.3

* cpe:/a:icewarp:email_server:5.8.4

* cpe:/a:icewarp:email_server:5.8.5

* cpe:/a:icewarp:email_server:5.8.6

* cpe:/a:icewarp:email_server:5.9.4

* cpe:/a:icewarp:email_server:6.0.2

* cpe:/a:icewarp:email_server:6.0.3

* cpe:/a:icewarp:email_server:6.0.5

* cpe:/a:icewarp:email_server:6.0.7

* cpe:/a:icewarp:email_server:6.1.0

* cpe:/a:icewarp:email_server:6.2.1

* cpe:/a:icewarp:email_server:7.0.1

* cpe:/a:icewarp:email_server:7.1.4

* cpe:/a:icewarp:email_server:7.1.6

* cpe:/a:icewarp:email_server:7.2.0

* cpe:/a:icewarp:email_server:7.4.0

* cpe:/a:icewarp:email_server:7.4.2

* cpe:/a:icewarp:email_server:7.4.5

* cpe:/a:icewarp:email_server:7.5.2

* cpe:/a:icewarp:email_server:7.6.0

* cpe:/a:icewarp:email_server:7.6.4

* cpe:/a:icewarp:email_server:8.0.1

* cpe:/a:icewarp:email_server:8.0.2

* cpe:/a:icewarp:email_server:8.0.3

* cpe:/a:icewarp:email_server:8.2.0

* cpe:/a:icewarp:email_server:8.2.2

* cpe:/a:icewarp:email_server:8.3.5

* cpe:/a:icewarp:email_server:8.3.8

* cpe:/a:icewarp:email_server:8.5.0

* cpe:/a:icewarp:email_server:8.9.1

* cpe:/a:icewarp:email_server:9.0.0

* cpe:/a:icewarp:email_server:9.1.0

* cpe:/a:icewarp:email_server:9.2.0

* cpe:/a:icewarp:email_server:9.3.0 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Code Injection (CWE-94)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1469