Summary
Zimbra Collaboration Suite is prone to a local file include vulnerability.
Impact
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
Solution
Ask the vendor for an update.
Insight
This script exploits a Local File Inclusion in
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz which allows reading any local file.
Affected
The 2009, 2010, 2011, 2012 and early 2013 versions are affected.
Detection
Send a specially crafted HTTP GET request that tries to read localconfig.xml.
References
Severity
Classification
- CVE: CVE-2013-7091
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N