id: CVE-2021-36580 info: name: IceWarp Mail Server - Open Redirect author: DhiyaneshDk severity: medium description: | IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. remediation: | Apply the latest security patches or updates provided by IceWarp to fix the open redirect vulnerability. reference: - https://www.icewarp.com/ - https://twitter.com/shifacyclewala/status/1443298941311668227 - http://icewarp.com - http://mail.ziyan.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-36580 cwe-id: CWE-601 epss-score: 0.00212 epss-percentile: 0.58846 cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: icewarp product: icewarp_server shodan-query: title:"icewarp" tags: cve,cve2021,icewarp,redirect http: - method: GET path: - "{{BaseURL}}/webmail/basic/?referer=https://interact.sh&_c=auth&ctz=120&signup_password=&_a%5bsignup%5d=1" matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 # digest: 4a0a004730450221009e3514e2d965ce03bc34aa447bfe4acdbc9fa043c3e0c2ff41b2157705e839b1022072610dc31c48ee16cc94e11472ae93a4cab68ea0074de133777874f5274a4ace:922c64590222798bb761d5b6d8e72950