id: CVE-2021-36580 info: name: IceWarp Mail Server - Open Redirect author: DhiyaneshDk severity: medium description: | IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. remediation: | Apply the latest security patches or updates provided by IceWarp to fix the open redirect vulnerability. reference: - https://www.icewarp.com/ - https://twitter.com/shifacyclewala/status/1443298941311668227 - http://icewarp.com - http://mail.ziyan.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-36580 cwe-id: CWE-601 epss-score: 0.00212 epss-percentile: 0.58846 cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: icewarp product: icewarp_server shodan-query: title:"icewarp" tags: cve,cve2021,icewarp,redirect http: - method: GET path: - "{{BaseURL}}/webmail/basic/?referer=https://interact.sh&_c=auth&ctz=120&signup_password=&_a%5bsignup%5d=1" matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 # digest: 490a004630440220042a150f9f1db576669e489ed18efd4a59ded94d47d7dc17b93bc7e901b284b40220186ca61a23ad5f22cb0f44742c53f62a5cd42c2b636a257f51345eed2c6036c3:922c64590222798bb761d5b6d8e72950