Information Disclosure in IceWarp WebMail Allows Remote Attackers to Obtain Configuration Information

Information Disclosure in IceWarp WebMail Allows Remote Attackers to Obtain Configuration Information

CVE-2011-3580 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to obtain configuration information via a direct request to the /server URI, which triggers a call to the phpinfo function.

Learn more about our Web App Pen Testing.