IceWarp Mail Server Cross-Site Scripting And XML External Entities Vulnerabilities
Severity: CRITICAL
Advisory Date: JUL 21, 2015
DESCRIPTION
IceWarp Mail Server is prone to multiple cross-site scripting vulnerabilities and an XML external entity injection vulnerability. Attackers may exploit these issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials and obtain potentially sensitive information from local files; other attacks are also possible.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000552