id: CVE-2021-36580 info: name: IceWarp Mail Server - Open Redirect author: DhiyaneshDk severity: medium description: | IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. impact: | An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Apply the latest security patches or updates provided by IceWarp to fix the open redirect vulnerability. reference: - https://www.icewarp.com/ - https://twitter.com/shifacyclewala/status/1443298941311668227 - http://icewarp.com - http://mail.ziyan.com - https://medium.com/%40rohitgautam26/cve-2021-36580-69219798231c classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-36580 cwe-id: CWE-601 epss-score: 0.00233 epss-percentile: 0.6129 cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: icewarp product: icewarp_server shodan-query: title:"icewarp" fofa-query: title="icewarp" google-query: intitle:"icewarp" tags: cve2021,cve,icewarp,redirect http: - method: GET path: - "{{BaseURL}}/webmail/basic/?referer=https://interact.sh&_c=auth&ctz=120&signup_password=&_a%5bsignup%5d=1" matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 # digest: 4a0a0047304502201fb7d9f7f3b4cc99c307df40e242a485cec4ec2e1825cb4321b536061d94e5200221009cde712c4679e05357975cbc11bd9caaabcc6fe2ecf21d3d796c06da80f6ed32:922c64590222798bb761d5b6d8e72950