FKIE_CVE-2009-1469
Vulnerability from fkie_nvd - Published: 2009-05-05 20:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:icewarp:email_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC05573-9E95-4E38-9BB7-8EEC2207F93A",
"versionEndIncluding": "9.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.105:*:*:*:*:*:*:*",
"matchCriteriaId": "65413C6D-2477-46BE-A9E0-DFEBFA4984B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.110:*:*:*:*:*:*:*",
"matchCriteriaId": "D626E83E-B8D2-488C-86A1-E9EEE26338AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.115:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC20926-AA4F-411B-AC96-F411E7A00ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.140:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B4CF45-C28E-4F9B-8593-FC3227FD3B5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.150:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB40BD9-01B0-43A8-B382-6AF471D4E5DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.165:*:*:*:*:*:*:*",
"matchCriteriaId": "273ACE18-425A-42F4-A1C4-A729E61C06D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.170:*:*:*:*:*:*:*",
"matchCriteriaId": "A049A822-9A1D-4A67-B3C7-87F37CE14966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.190:*:*:*:*:*:*:*",
"matchCriteriaId": "FF6A3368-1C9F-404C-B22C-5BA19F8C89DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.200:*:*:*:*:*:*:*",
"matchCriteriaId": "421C0DFF-83B4-494F-B56F-80FCB7465383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.210:*:*:*:*:*:*:*",
"matchCriteriaId": "CD09ABFB-431C-4F81-8B75-1E310FF1DEB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.220:*:*:*:*:*:*:*",
"matchCriteriaId": "10D46E21-2A13-4378-B9D9-77B75C574053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.240:*:*:*:*:*:*:*",
"matchCriteriaId": "5637C09C-F43E-41DB-A8C1-AE08DEC5E07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.250:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1E0EB6-D30B-4448-A61D-79F3720ED199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.260:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB1408C-6076-45C4-8532-41B946E9F2CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.280:*:*:*:*:*:*:*",
"matchCriteriaId": "64040FAE-3457-4153-84F5-DB4C0F298DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.290:*:*:*:*:*:*:*",
"matchCriteriaId": "53883B0E-662C-41E6-B0E4-44052243B8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.310:*:*:*:*:*:*:*",
"matchCriteriaId": "659D6D8F-6E4F-4961-88D8-93AEBBBACA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.320:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CD4B14-457C-493B-8206-63AC78C677BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.330:*:*:*:*:*:*:*",
"matchCriteriaId": "DD881C18-E67E-431D-BF64-E9AD74B623B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.331:*:*:*:*:*:*:*",
"matchCriteriaId": "9498A897-FC1E-42F7-A766-F2F3F3AD73DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.340:*:*:*:*:*:*:*",
"matchCriteriaId": "86FD3A63-6985-4557-BCBF-A6C3C62965C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.350:*:*:*:*:*:*:*",
"matchCriteriaId": "5C730232-BE10-485B-B7E6-C7221FF830CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:2.10.360:*:*:*:*:*:*:*",
"matchCriteriaId": "75BCAB2F-D3DC-446C-B260-E6528D424574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:3.00.100:*:*:*:*:*:*:*",
"matchCriteriaId": "7517B62B-E8BD-46BE-8876-210AF4BBCFEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:3.00.110:*:*:*:*:*:*:*",
"matchCriteriaId": "380A25A3-84E8-4660-8E1E-D9F86CCDF451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:3.00.120:*:*:*:*:*:*:*",
"matchCriteriaId": "2F811823-8E74-4940-82BF-0BB874A2EDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:3.00.130:*:*:*:*:*:*:*",
"matchCriteriaId": "0D881063-B61C-4C8D-BA5B-C924968284C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:3.00.140:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4F4994-9B1C-4975-80A0-48CFC8A59F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:3.10.011:*:*:*:*:*:*:*",
"matchCriteriaId": "FC092BCB-C03D-489A-8169-A78672DDAC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:3.10.110:*:*:*:*:*:*:*",
"matchCriteriaId": "82BCBCDB-1C96-4AD9-9BD5-6C6F28B0A59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:4.00.30:*:*:*:*:*:*:*",
"matchCriteriaId": "377D2092-82CD-4BE5-92CB-1B6970C9B343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5637CE33-3C19-4BF5-9768-B680FC16DD75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27100290-294C-4938-9E31-5E4EC1CC0DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "257EF71D-D21C-42D6-B799-0CDE4D48D8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "885DC4F5-0809-4BD0-8EB9-26B6F7AC5D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "772781AF-D898-41E0-94CA-5E4E68263B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:4.10.040:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8458C9-BB0B-450A-906E-982183D2D112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:4.10.050:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E554A0-B31E-42EC-AC96-02928324D8D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "516EB69D-9AA3-4E39-8902-54F1BE74FF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAAD90B-2109-4EA8-B6E9-6DC097E46BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C66CFCE9-52A8-4F40-A256-A4246B9A0345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20CB84F9-D621-4C76-B7FD-7CBE9126C7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5651E-AFC4-4ED5-89A3-4FFF17849892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F9E8EF6-6EDA-4204-A9BE-9F0A1FA67F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B52C4762-F008-4A95-9DB2-0187C918D2D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7D1390-BB52-4E73-9D53-AC7C890273FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16D2E155-E79B-4F92-8150-49385D9ED683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7243D261-9880-4FC1-A709-B270D451819C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA1EEB6-F96D-4CB4-B19B-FE298A7106CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D65F51-8021-47C5-A587-AC1F08A690E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92E5E64D-EBF3-44AA-A986-B3A668CA84FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E436882C-626F-44E0-92C1-AB42679DB36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A838F48D-65D4-4D0A-AD70-770E564C414F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "528BA85A-A479-4AE5-AE58-4F223EC70CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4DFEC2-E095-4670-A87D-9686FFBACE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EE29A7F9-B10D-43DE-ACF9-82799A5AB622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7C1CE47F-2420-455E-8D59-9115F8553786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9479F83D-4C9B-4E09-8173-FEF3D648D173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:5.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78426705-364D-44A8-9D11-52FA221501F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84F5E9BC-1925-4109-88CA-BDDA2760A410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34006ADE-3045-4730-9905-F2739F03B37F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16C43E85-FCD9-4C27-9D0F-FDBD6C6BE11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79BE6199-BDF4-492F-AD3F-8F228B3333D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD60C3BF-BFA2-48DE-BFF8-862BEB55DC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F59FE641-F8C2-4499-A68F-4C7B67446B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCB7BC6-8B20-4BA0-A228-FFA64B9D2679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F0B2E0-74A3-40B7-AF4E-547401ABF7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58A59BCD-74B9-4E7F-A79A-293E75ED1457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AFCD42-008D-47C3-B91F-CDBF753B4DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5318A0-2F46-483C-B4C1-DE5E78E2B206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5203E03-7810-4FBD-BC29-85D4FC0C44F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A978E8-6F27-4FAA-9B1C-EAD110F3A626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB831B3-D03A-4597-9DA0-0C1101751A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E0046D-0F36-4882-BF2E-0C54A6DAF3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6628764-234B-4B2F-BB96-BC502781D900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "534C2A48-DC12-41D1-A848-5826D8D00A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33E40169-02AC-4F18-B085-58B16073CDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31F92171-ACF9-49F7-88FA-662FE6EC05E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C4E23C-34D9-4655-9FEF-E99D94BFCBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C585DB99-2778-473C-9D20-5B707C12E961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7888DF8-A12C-4583-A4A1-8FD77F258BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "39616720-7128-4364-A376-4F272DE6052E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D109C95C-E55B-4E26-818D-1F6A5EF879FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E23876D5-6BD5-446A-A8B8-EFF5293E2C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9142EEFA-753E-4CB2-97E0-644EF942E149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90B14DCB-3070-4A68-AE00-4004542739C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:email_server:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C3C5AF-13AE-482C-ACE8-8E9EA2A104E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE0C1F2-E9EB-441F-BA29-26F8AE5CD53C",
"versionEndIncluding": "9.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.105:*:*:*:*:*:*:*",
"matchCriteriaId": "B825E8AC-E3E0-4D6F-AEB1-1C8571F42B84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.110:*:*:*:*:*:*:*",
"matchCriteriaId": "B629D1A8-4D8A-4814-B88F-D26DE0A8AD64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.115:*:*:*:*:*:*:*",
"matchCriteriaId": "626E5CBB-A953-4D6C-9AA3-BD8FC44AC310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.140:*:*:*:*:*:*:*",
"matchCriteriaId": "B00D854B-D34B-41BD-9B28-573B0A66FF95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.150:*:*:*:*:*:*:*",
"matchCriteriaId": "FF300F62-E247-4A6F-89B1-F27CD22D2AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.165:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9F5609-2C2B-4D57-974F-E4AA7A1354F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.170:*:*:*:*:*:*:*",
"matchCriteriaId": "69EE8E28-E95B-48F9-87BF-9A6A713C614B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.190:*:*:*:*:*:*:*",
"matchCriteriaId": "60BE3477-86AF-4301-905C-B2D41347C95D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.200:*:*:*:*:*:*:*",
"matchCriteriaId": "23CED09C-9C1F-4E98-87E4-FF1AF3FDB3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.210:*:*:*:*:*:*:*",
"matchCriteriaId": "16A67BBF-D7D2-4780-BB52-6247B1C2BF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.220:*:*:*:*:*:*:*",
"matchCriteriaId": "11F50DDD-14C5-430C-BA64-39DBF86C8195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.240:*:*:*:*:*:*:*",
"matchCriteriaId": "E48D0885-9A43-41CF-97F5-DEE654DEB4FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.250:*:*:*:*:*:*:*",
"matchCriteriaId": "F36F5040-A148-4D41-AEDE-E2031FC0783A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.260:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D444E7-8533-49C9-BEA5-95B1867D5B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.280:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9FE52B-976E-45D5-9F72-0DA02A549283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.290:*:*:*:*:*:*:*",
"matchCriteriaId": "E07F2597-CBEB-4CF4-853B-432C90A0E5F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.310:*:*:*:*:*:*:*",
"matchCriteriaId": "000C3F0B-5083-4E2A-9C3B-A3BBD8F5FC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.320:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2E1F50-0C4F-49BD-837B-E0A6AA897F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.330:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7527FB-5E18-4E25-A344-6FF3AD48F440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.331:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4C32D2-A4D3-4D1D-8C40-A19E71D2CD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.340:*:*:*:*:*:*:*",
"matchCriteriaId": "D96B83F5-78EF-46C7-AEF3-B07DC47AD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.350:*:*:*:*:*:*:*",
"matchCriteriaId": "3E812EF7-F33C-4A9E-B21C-9E713EAA5DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:2.10.360:*:*:*:*:*:*:*",
"matchCriteriaId": "3313DDB5-AB69-4FC6-B404-7161DFD42065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:3.00.100:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5A2472-E80B-453E-AC87-61755089F816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:3.00.110:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE775DD-1332-4DBD-B43E-82DEDF65EDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:3.00.120:*:*:*:*:*:*:*",
"matchCriteriaId": "81AACBDC-A27F-42E9-9503-BEAE6277C38E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:3.00.130:*:*:*:*:*:*:*",
"matchCriteriaId": "994FED3B-18B0-43CD-AF69-71363EB69A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:3.00.140:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C1006A-9BA2-4E2E-934A-E6D84FE31F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:3.10.011:*:*:*:*:*:*:*",
"matchCriteriaId": "251150DB-9F36-4024-83E5-CCB61788D591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:3.10.110:*:*:*:*:*:*:*",
"matchCriteriaId": "1E018C4E-3442-43DF-A62C-8EF32F582376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:4.00.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E5C940-3411-4298-AF22-4E0CD0897068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40084349-0248-4DCA-84FF-BAFC61913B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E67D777-B1EE-467C-A9F6-3FE3AC602BAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9BA513-7DFF-4DA5-A850-1932332AB713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68B44F9B-36F5-42A5-8007-F4437C5956FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11D9460D-8004-4C48-8435-5BB55E18407F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:4.10.040:*:*:*:*:*:*:*",
"matchCriteriaId": "1D37D32E-49FF-48AE-AB1D-5F83FB4ABC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:4.10.050:*:*:*:*:*:*:*",
"matchCriteriaId": "549C6763-6BAC-418D-801E-BA219BA84306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78C15656-8A36-446F-B72E-B5D8D02118C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F6586C-A227-4ABA-BBCD-7608BC3AE986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35887E35-7075-4DA7-9DA0-43784E83E523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C96A0CF4-4646-42C2-A2D1-D143307AA075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4587B57E-E5CF-46F7-914C-3E3FF62ABF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F92BC1B-439E-497E-AE9A-0962C665EA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2245DA60-68D3-4FF0-9E22-EE469BFDCA51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF984C80-8F2A-444E-8176-AF4207659443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "998D7471-D097-40FF-9749-D1F1F540676C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B349E3F2-5D93-4448-B901-5A51682A095D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "426A5CA3-5AF9-409F-8CC5-8B012F9B4D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CB35A154-98E1-4EF7-9B5A-1691023E69AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C34887E6-AB33-48C1-BD0A-015C141498C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3CDBBC7-EEF8-40A4-B32D-528370E85361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E324B02-9C59-44D8-AC8A-899130501C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "144BFD52-D569-42B1-BBBA-BA6F3B41C0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D3B6E6-8B47-4790-9293-254A446256AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0899F9-F7FC-459A-BF39-A2590F4C948A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D1571098-025D-4F9E-9F5B-8CF4E47CB0A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC9A8D1-95F8-41F1-B282-548B654AC024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:5.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "15A7C86B-1F63-492E-BDBF-3AD1F27F3ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF58F47-FBA0-472F-84B2-37C40AE9F11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D208182-D571-4756-953B-84647B7C30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC5EF5A-FB10-4362-BF83-F2D399677C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6375DB-EAD9-40DB-ABC8-9ED47937335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1465311E-9F28-4D02-87A1-8262F0E91363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B4565A0-4CB2-4BB8-8747-88C2E1DB04BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8111EB25-993B-40D4-9A3F-B0A379FF2544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A3932C58-3E6B-4CE8-AD86-5258C657B9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4E884468-C200-4994-8073-A06145DD32EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA8B9FC-58C3-4CDB-B3C9-DCE3FC6DD071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44F1065B-3CCB-4690-9623-948AE5480388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A195789-BE60-41D0-A09F-297C481E1741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99EA6D4D-4818-4B90-A431-F5DB4AEEAC84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BC60DE-9C65-48C8-B9F9-CBB99D6E6EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D72538A-63D7-4714-819F-D84E23A477C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C48479D4-85A4-471C-BBE3-95EC7ED42551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17670892-BDEB-435D-92A8-4D362FB48235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0233108-DAE6-42A5-B525-6D8F91298183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCFDA77-070C-42E6-897C-DB4CA6FDD0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5090C955-3E5A-4CDF-A2B2-EF5A181BE4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33D199BC-D664-48A8-8D0C-5496C5DFF8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6327BC-34F7-46E9-ABB3-9FA8B9C5F684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D93FD709-6918-4F00-8C90-416F0E4208DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91A9179B-25BD-4AF6-9ED1-1C0B4439A726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:8.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7A7D8F-0669-42D0-A7F8-447E05EB5F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88A2049F-CAEC-47A5-9C22-0295B08CAA51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DF0BF3-2284-488D-8C62-DB9766445556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:icewarp:webmail_server:9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00B1AF41-963E-470C-9EC3-4ECD49EB1BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user\u0027s correct credentials, and requests that the user compose a reply that includes this message."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en la implementaci\u00f3n Forgot Password en server/webmail.php en IceWarp eMail Server y WebMail Server anterior a v9.4.2 hace mas facil para atacantes remotos enga\u00f1ar a un usuario para la revelaci\u00f3n de credenciales a trav\u00e9s de secuencias CRLF precediendo una cabecera de respuesta en el elemento \"subject\" de un documento XML, como se demostr\u00f3 mediante el env\u00edo de un mensaje de correo electr\u00f3nico que contenga las credenciales de usuario desde el servidor, las peticiones para componer la respuesta al usuario, incluyen este mensaje."
}
],
"id": "CVE-2009-1469",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-05T20:30:00.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54229"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2009-004"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503227/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34827"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022166"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1253"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2009-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503227/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50332"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…