Summary
Zimbra Collaboration Suite is prone to a local file include vulnerability.
Impact
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
Solution
Ask the vendor for an update.
Insight
This script exploits a Local File Inclusion in
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz which allows an attacker to read any local file.
Affected
The 2009, 2010, 2011, 2012 and early 2013 versions are affected.
Detection
Send a specially crafted HTTP GET request that tries to read localconfig.xml.
Severity
Classification
CVE: CVE-2013-7091
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N