Summary
Zimbra Collaboration Suite is prone to a local file include vulnerability.
Impact
An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
Solution
Ask the vendor for an update.
Insight
This script exploits a local file inclusion in
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz, which allows any local file to be read.
Affected
The 2009, 2010, 2011, 2012 and early 2013 versions are affected.
Detection
Sends a specially crafted HTTP GET request that tries to read localconfig.xml.
References
Severity
Classification
- CVE: CVE-2013-7091
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N