CVE-2005-4558
First published: Wed Dec 28 2005(Updated: )
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deerfield Visnetic Mail Server | =8.3.0_build1 | |
| IceWarp WebMail Server | =5.5.1 | |
| IceWarp Merak Mail Server | =8.3.0r |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/secunia_research/2005-62/advisory/
- http://www.securityfocus.com/bid/16069
- http://secunia.com/advisories/17046
- http://secunia.com/advisories/17865
- http://securitytracker.com/id?1015412
- http://www.osvdb.org/22080
- http://www.osvdb.org/22081
- http://marc.info/?l=full-disclosure&m=113570229524828&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23904
- http://www.securityfocus.com/archive/1/420255/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-4558?
CVE-2005-4558 is classified as a medium severity vulnerability due to its potential impact on the affected systems.
How do I fix CVE-2005-4558?
To fix CVE-2005-4558, update IceWarp Web Mail to version 5.5.2 or later, or apply any patches provided by the vendor.
Who is affected by CVE-2005-4558?
CVE-2005-4558 affects users of IceWarp Web Mail version 5.5.1, Deerfield Visnetic Mail Server version 8.3.0 build 1, and Merak Mail Server version 8.3.0r.
What type of attack does CVE-2005-4558 allow?
CVE-2005-4558 allows remote authenticated users to potentially execute arbitrary SQL commands through improper validation of input.
When was CVE-2005-4558 disclosed?
CVE-2005-4558 was disclosed in December 2005.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/deerfield
- canonical/deerfield visnetic mail server
- version/deerfield visnetic mail server/8.3.0_build1
- vendor/icewarp
- canonical/icewarp webmail server
- version/icewarp webmail server/5.5.1
- vendor/merak
- canonical/icewarp merak mail server
- version/icewarp merak mail server/8.3.0r