CVE-2005-4557
published 2005-12-28


Priority: P2 · 68
CVSS 2.0: 5.0 medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)
ITW exploit: VulnCheck KEV (exploited in the wild)
EPSS: 9.48% (94.8th percentile)
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.

Affected (3 ranges)

Vendor      Product               Version range   Fixed in
deerfield   visnetic_mail_server
icewarp     web_mail
merak       mail_server

Detection & IOCs (extracted from sources)

URL: http://example.com:32000/dir/include.html?lang=[file]%00
Path: /dir/include.html
Port: 32000
  • Detect LFI attempts targeting /dir/include.html via null-byte (%00) injection in the 'lang' query parameter.
  • Monitor HTTP requests to /dir/include.html whose lang parameter value contains '%00'; this is indicative of null-byte directory traversal exploitation.
  • This vulnerability was confirmed actively exploited in the wild as of July 30, 2007; prioritize detection on exposed IceWarp Web Mail, Merak Mail Server 8.3.0r, and VisNetic Mail Server 8.3.0 build 1 instances.
  • The null byte (%00) truncates the file path at the OS level; detection must decode URL-encoded null bytes in the lang parameter before matching, since the encoded form is what appears in the request.
  • The exploit may also facilitate remote file inclusion (arbitrary local or remote files containing malicious PHP code); detection rules should cover both local path traversal and remote URL patterns in the lang parameter.
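A defensive log check that applies the detection points above, added here as an example (not part of this record or of any vendor's tooling): it URL-decodes the lang parameter before matching, flags null bytes, traversal sequences and remote URLs, and runs over constructed sample access-log lines.

```python
"""Flag CVE-2005-4557 exploitation attempts in web-server access logs.

Added example, not from the original record. Sample log lines below
are constructed for illustration; the host and IPs are placeholders.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a Common Log Format entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/[\d.]+"')
TARGET_PATH = "/dir/include.html"


def classify_request(url: str) -> list:
    """Return the reasons a request URL looks like a CVE-2005-4557 attempt."""
    parts = urlsplit(url)
    if unquote(parts.path).lower() != TARGET_PATH:
        return []
    reasons = set()
    # parse_qs already percent-decodes, so %00 becomes a literal NUL byte.
    # Decoding the value a second time also catches double-encoding (%2500).
    for value in parse_qs(parts.query, keep_blank_values=True).get("lang", []):
        decoded = unquote(value)
        if "\x00" in value or "\x00" in decoded:
            reasons.add("null byte in lang")
        if "../" in decoded or "..\\" in decoded:
            reasons.add("directory traversal in lang")
        if re.match(r"(?i)^(https?|ftp)://", decoded):
            reasons.add("remote URL in lang")
    return sorted(reasons)


def scan_access_log(lines):
    """Yield (line_number, reasons) for every suspicious request line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            reasons = classify_request(m.group(1))
            if reasons:
                yield n, reasons


# Constructed sample log lines (documentation-range IPs, placeholder filenames).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Jul/2007:10:00:01 +0000] "GET /dir/include.html?lang=en HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Jul/2007:10:00:02 +0000] "GET /dir/include.html?lang=../../some_local_file%00 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [30/Jul/2007:10:00:03 +0000] "GET /dir/include.html?lang=http://203.0.113.5/x.txt HTTP/1.1" 200 64',
    '198.51.100.7 - - [30/Jul/2007:10:00:04 +0000] "GET /mail/index.html?lang=%00 HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for n, reasons in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(reasons)}")
```

The last sample line is deliberately not flagged: a null byte in lang on a different path is outside this record's scope and would need its own rule.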

CVSS provenance

NVD: v2.0 5.0 MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
VulnCheck: 5.0 MEDIUM