IceWarp Mail Server Cross-Site Scripting And XML External Entities Vulnerabilities

  Severity: CRITICAL
  Advisory Date: JUL 21, 2015

  DESCRIPTION

IceWarp Mail Server is prone to multiple cross-site scripting vulnerabilities and an XML external entity injection vulnerability. Attackers may exploit these issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials and obtain potentially sensitive information from local files; other attacks are also possible.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000552

Featured Stories