CVE-2005-4557
published 2005-12-28CVE-2005-4557: dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to…
PriorityP268medium5CVSS 2.0
AVNACLAuNCPINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
9.48%
94.8th percentile
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deerfield | visnetic_mail_server | — | — |
| icewarp | web_mail | — | — |
| merak | mail_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect LFI attempts targeting /dir/include.html via null byte (%00) injection in the 'lang' query parameter ↗
- →Monitor HTTP requests to /dir/include.html containing '%00' in the lang parameter value, indicative of null-byte directory traversal exploitation ↗
- →This vulnerability was confirmed actively exploited in the wild as of July 30, 2007; prioritize detection on exposed IceWarp WebMail, Merak Mail Server 8.3.0r, and VisNetic MailServer 8.3.0 build 1 instances ↗
- ·The null byte (%00) technique truncates the file path at the OS level; detection must decode URL-encoded null bytes in the lang parameter before matching ↗
- ·The exploit may also facilitate remote file inclusion (arbitrary local OR remote files with malicious PHP code); detection rules should cover both local path traversal and remote URL patterns in the lang parameter ↗
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mjv7-394p-9g5m: dir/include
ghsa_unreviewed·2022-05-01
CVE-2005-4557 [MEDIUM] GHSA-mjv7-394p-9g5m: dir/include
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
VulnCheck
deerfield visnetic_mail_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2005·CVSS 5.0
CVE-2005-4557 [MEDIUM] deerfield visnetic_mail_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
deerfield visnetic_mail_server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
Affected: deerfield visnetic_mail_server
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.exploit-db.com/exploits/26981
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=full-disclosure&m=113570229524828&w=2http://secunia.com/advisories/17046http://secunia.com/advisories/17865http://secunia.com/secunia_research/2005-62/advisory/http://securitytracker.com/id?1015412http://www.osvdb.org/22079http://www.securityfocus.com/archive/1/420255/100/0/threadedhttp://www.securityfocus.com/bid/16069https://exchange.xforce.ibmcloud.com/vulnerabilities/23897http://marc.info/?l=full-disclosure&m=113570229524828&w=2http://secunia.com/advisories/17046http://secunia.com/advisories/17865http://secunia.com/secunia_research/2005-62/advisory/http://securitytracker.com/id?1015412http://www.osvdb.org/22079http://www.securityfocus.com/archive/1/420255/100/0/threadedhttp://www.securityfocus.com/bid/16069https://exchange.xforce.ibmcloud.com/vulnerabilities/23897
2005-12-28
Published
Exploited in the wild