CVE-2010-5334: Path Traversal
First published: Fri Oct 11 2019(Updated: )
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IceWarp Webclient | >=10.0<10.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2010-5334?
CVE-2010-5334 is a directory traversal vulnerability in IceWarp Webclient before version 10.2.1.
How does CVE-2010-5334 impact IceWarp Mailserver?
CVE-2010-5334 can result in the loss of confidential data of IceWarp Mailserver and the operating system.
How can CVE-2010-5334 be exploited?
CVE-2010-5334 can be exploited by passing input via a certain parameter, allowing an attacker to browse the system directories.
What is the severity level of CVE-2010-5334?
CVE-2010-5334 has a severity level of 7.5 (high).
How can I fix CVE-2010-5334?
To fix CVE-2010-5334, update IceWarp Webclient to version 10.2.1 or later.
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/icewarp
- canonical/icewarp webclient
- version/icewarp webclient/10.0