CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.
2009-05-05T20:30:00.250
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | icewarp | email_server | ≤ 9.3.0 | Yes |
Application | icewarp | email_server | 2.10.105 | Yes |
Application | icewarp | email_server | 2.10.110 | Yes |
Application | icewarp | email_server | 2.10.115 | Yes |
Application | icewarp | email_server | 2.10.140 | Yes |
Application | icewarp | email_server | 2.10.150 | Yes |
Application | icewarp | email_server | 2.10.165 | Yes |
Application | icewarp | email_server | 2.10.170 | Yes |
Application | icewarp | email_server | 2.10.190 | Yes |
Application | icewarp | email_server | 2.10.200 | Yes |
Application | icewarp | email_server | 2.10.210 | Yes |
Application | icewarp | email_server | 2.10.220 | Yes |
Application | icewarp | email_server | 2.10.240 | Yes |
Application | icewarp | email_server | 2.10.250 | Yes |
Application | icewarp | email_server | 2.10.260 | Yes |
Application | icewarp | email_server | 2.10.280 | Yes |
Application | icewarp | email_server | 2.10.290 | Yes |
Application | icewarp | email_server | 2.10.310 | Yes |
Application | icewarp | email_server | 2.10.320 | Yes |
Application | icewarp | email_server | 2.10.330 | Yes |
Application | icewarp | email_server | 2.10.331 | Yes |
Application | icewarp | email_server | 2.10.340 | Yes |
Application | icewarp | email_server | 2.10.350 | Yes |
Application | icewarp | email_server | 2.10.360 | Yes |
Application | icewarp | email_server | 3.00.100 | Yes |
Application | icewarp | email_server | 3.00.110 | Yes |
Application | icewarp | email_server | 3.00.120 | Yes |
Application | icewarp | email_server | 3.00.130 | Yes |
Application | icewarp | email_server | 3.00.140 | Yes |
Application | icewarp | email_server | 3.10.011 | Yes |
Application | icewarp | email_server | 3.10.110 | Yes |
Application | icewarp | email_server | 4.00.30 | Yes |
Application | icewarp | email_server | 4.2.1 | Yes |
Application | icewarp | email_server | 4.2.2 | Yes |
Application | icewarp | email_server | 4.2.3 | Yes |
Application | icewarp | email_server | 4.4.1 | Yes |
Application | icewarp | email_server | 4.4.2 | Yes |
Application | icewarp | email_server | 4.10.040 | Yes |
Application | icewarp | email_server | 4.10.050 | Yes |
Application | icewarp | email_server | 5.1.2 | Yes |
Application | icewarp | email_server | 5.1.3 | Yes |
Application | icewarp | email_server | 5.1.5 | Yes |
Application | icewarp | email_server | 5.3.0 | Yes |
Application | icewarp | email_server | 5.3.2 | Yes |
Application | icewarp | email_server | 5.4.1 | Yes |
Application | icewarp | email_server | 5.4.2 | Yes |
Application | icewarp | email_server | 5.4.3 | Yes |
Application | icewarp | email_server | 5.4.4 | Yes |
Application | icewarp | email_server | 5.5.3 | Yes |
Application | icewarp | email_server | 5.5.4 | Yes |
Application | icewarp | email_server | 5.5.5 | Yes |
Application | icewarp | email_server | 5.5.6 | Yes |
Application | icewarp | email_server | 5.5.7 | Yes |
Application | icewarp | email_server | 5.7.3 | Yes |
Application | icewarp | email_server | 5.8.2 | Yes |
Application | icewarp | email_server | 5.8.3 | Yes |
Application | icewarp | email_server | 5.8.4 | Yes |
Application | icewarp | email_server | 5.8.5 | Yes |
Application | icewarp | email_server | 5.8.6 | Yes |
Application | icewarp | email_server | 5.9.4 | Yes |
Application | icewarp | email_server | 6.0.2 | Yes |
Application | icewarp | email_server | 6.0.3 | Yes |
Application | icewarp | email_server | 6.0.5 | Yes |
Application | icewarp | email_server | 6.0.7 | Yes |
Application | icewarp | email_server | 6.1.0 | Yes |
Application | icewarp | email_server | 6.2.1 | Yes |
Application | icewarp | email_server | 7.0.1 | Yes |
Application | icewarp | email_server | 7.1.4 | Yes |
Application | icewarp | email_server | 7.1.6 | Yes |
Application | icewarp | email_server | 7.2.0 | Yes |
Application | icewarp | email_server | 7.4.0 | Yes |
Application | icewarp | email_server | 7.4.2 | Yes |
Application | icewarp | email_server | 7.4.5 | Yes |
Application | icewarp | email_server | 7.5.2 | Yes |
Application | icewarp | email_server | 7.6.0 | Yes |
Application | icewarp | email_server | 7.6.4 | Yes |
Application | icewarp | email_server | 8.0.1 | Yes |
Application | icewarp | email_server | 8.0.2 | Yes |
Application | icewarp | email_server | 8.0.3 | Yes |
Application | icewarp | email_server | 8.2.0 | Yes |
Application | icewarp | email_server | 8.2.2 | Yes |
Application | icewarp | email_server | 8.3.5 | Yes |
Application | icewarp | email_server | 8.3.8 | Yes |
Application | icewarp | email_server | 8.5.0 | Yes |
Application | icewarp | email_server | 8.9.1 | Yes |
Application | icewarp | email_server | 9.0.0 | Yes |
Application | icewarp | email_server | 9.1.0 | Yes |
Application | icewarp | email_server | 9.2.0 | Yes |
Application | icewarp | webmail_server | ≤ 9.3.0 | Yes |
Application | icewarp | webmail_server | 2.10.105 | Yes |
Application | icewarp | webmail_server | 2.10.110 | Yes |
Application | icewarp | webmail_server | 2.10.115 | Yes |
Application | icewarp | webmail_server | 2.10.140 | Yes |
Application | icewarp | webmail_server | 2.10.150 | Yes |
Application | icewarp | webmail_server | 2.10.165 | Yes |
Application | icewarp | webmail_server | 2.10.170 | Yes |
Application | icewarp | webmail_server | 2.10.190 | Yes |
Application | icewarp | webmail_server | 2.10.200 | Yes |
Application | icewarp | webmail_server | 2.10.210 | Yes |
Application | icewarp | webmail_server | 2.10.220 | Yes |
Application | icewarp | webmail_server | 2.10.240 | Yes |
Application | icewarp | webmail_server | 2.10.250 | Yes |
Application | icewarp | webmail_server | 2.10.260 | Yes |
Application | icewarp | webmail_server | 2.10.280 | Yes |
Application | icewarp | webmail_server | 2.10.290 | Yes |
Application | icewarp | webmail_server | 2.10.310 | Yes |
Application | icewarp | webmail_server | 2.10.320 | Yes |
Application | icewarp | webmail_server | 2.10.330 | Yes |
Application | icewarp | webmail_server | 2.10.331 | Yes |
Application | icewarp | webmail_server | 2.10.340 | Yes |
Application | icewarp | webmail_server | 2.10.350 | Yes |
Application | icewarp | webmail_server | 2.10.360 | Yes |
Application | icewarp | webmail_server | 3.00.100 | Yes |
Application | icewarp | webmail_server | 3.00.110 | Yes |
Application | icewarp | webmail_server | 3.00.120 | Yes |
Application | icewarp | webmail_server | 3.00.130 | Yes |
Application | icewarp | webmail_server | 3.00.140 | Yes |
Application | icewarp | webmail_server | 3.10.011 | Yes |
Application | icewarp | webmail_server | 3.10.110 | Yes |
Application | icewarp | webmail_server | 4.00.30 | Yes |
Application | icewarp | webmail_server | 4.2.1 | Yes |
Application | icewarp | webmail_server | 4.2.2 | Yes |
Application | icewarp | webmail_server | 4.2.3 | Yes |
Application | icewarp | webmail_server | 4.4.1 | Yes |
Application | icewarp | webmail_server | 4.4.2 | Yes |
Application | icewarp | webmail_server | 4.10.040 | Yes |
Application | icewarp | webmail_server | 4.10.050 | Yes |
Application | icewarp | webmail_server | 5.1.2 | Yes |
Application | icewarp | webmail_server | 5.1.3 | Yes |
Application | icewarp | webmail_server | 5.1.5 | Yes |
Application | icewarp | webmail_server | 5.3.0 | Yes |
Application | icewarp | webmail_server | 5.3.2 | Yes |
Application | icewarp | webmail_server | 5.4.1 | Yes |
Application | icewarp | webmail_server | 5.4.2 | Yes |
Application | icewarp | webmail_server | 5.4.3 | Yes |
Application | icewarp | webmail_server | 5.4.4 | Yes |
Application | icewarp | webmail_server | 5.5.3 | Yes |
Application | icewarp | webmail_server | 5.5.4 | Yes |
Application | icewarp | webmail_server | 5.5.5 | Yes |
Application | icewarp | webmail_server | 5.5.6 | Yes |
Application | icewarp | webmail_server | 5.5.7 | Yes |
Application | icewarp | webmail_server | 5.7.3 | Yes |
Application | icewarp | webmail_server | 5.8.2 | Yes |
Application | icewarp | webmail_server | 5.8.3 | Yes |
Application | icewarp | webmail_server | 5.8.4 | Yes |
Application | icewarp | webmail_server | 5.8.5 | Yes |
Application | icewarp | webmail_server | 5.8.6 | Yes |
Application | icewarp | webmail_server | 5.9.4 | Yes |
Application | icewarp | webmail_server | 6.0.2 | Yes |
Application | icewarp | webmail_server | 6.0.3 | Yes |
Application | icewarp | webmail_server | 6.0.5 | Yes |
Application | icewarp | webmail_server | 6.0.7 | Yes |
Application | icewarp | webmail_server | 6.1.0 | Yes |
Application | icewarp | webmail_server | 6.2.1 | Yes |
Application | icewarp | webmail_server | 7.0.1 | Yes |
Application | icewarp | webmail_server | 7.1.4 | Yes |
Application | icewarp | webmail_server | 7.1.6 | Yes |
Application | icewarp | webmail_server | 7.2.0 | Yes |
Application | icewarp | webmail_server | 7.4.0 | Yes |
Application | icewarp | webmail_server | 7.4.2 | Yes |
Application | icewarp | webmail_server | 7.4.5 | Yes |
Application | icewarp | webmail_server | 7.5.2 | Yes |
Application | icewarp | webmail_server | 7.6.0 | Yes |
Application | icewarp | webmail_server | 7.6.4 | Yes |
Application | icewarp | webmail_server | 8.0.1 | Yes |
Application | icewarp | webmail_server | 8.0.2 | Yes |
Application | icewarp | webmail_server | 8.0.3 | Yes |
Application | icewarp | webmail_server | 8.2.0 | Yes |
Application | icewarp | webmail_server | 8.2.2 | Yes |
Application | icewarp | webmail_server | 8.3.5 | Yes |
Application | icewarp | webmail_server | 8.3.8 | Yes |
Application | icewarp | webmail_server | 8.5.0 | Yes |
Application | icewarp | webmail_server | 8.9.1 | Yes |
Application | icewarp | webmail_server | 9.0.0 | Yes |
Application | icewarp | webmail_server | 9.1.0 | Yes |
Application | icewarp | webmail_server | 9.2.0 | Yes |