HTTP: Zimbra Collaboration Server Local File Inclusion

This signature detects attempts to exploit a known vulnerability against Zimbra Collaboration Server. A successful attack can lead to local file inclusion.

Extended Description

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
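The following is an added example, not part of the signature or of any vendor code: a log-side check for the request shape described above, that is, a /res/ resource bundle ending in .js.zgz whose skin parameter contains a ".." path segment, including percent-encoded and double-encoded forms. The combined access-log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Path shape from the description: a /res/ resource bundle ending in .js.zgz
RES_BUNDLE = re.compile(r"^/res/[^/]*\.js\.zgz$", re.IGNORECASE)
# Assumed combined-log request field: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_skin_traversal(target):
    """True if the target is a /res/*.js.zgz bundle with a '..' segment in skin."""
    parts = urlsplit(target)
    if not RES_BUNDLE.match(fully_decode(parts.path)):
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "skin":
            # Split on both separators so '..\' is caught as well as '../'
            if ".." in re.split(r"[/\\]", fully_decode(value)):
                return True
    return False

def scan(log_lines):
    """Return the log lines whose request target matches the pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and is_skin_traversal(m.group(1)):
            hits.append(line)
    return hits

# Constructed access-log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /res/I18nMsg,AjxMsg,ZMsg.js.zgz?v=1&skin=carbon HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /res/I18nMsg,AjxMsg,ZMsg.js.zgz?v=1&skin=../../../constructed/placeholder HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /res/I18nMsg,AjxMsg,ZMsg.js.zgz?skin=%252e%252e%2fconstructed%2fplaceholder HTTP/1.1" 200 900',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /docs/index.html?skin=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT:", hit)
```

A 200 response on a flagged line is worth triaging first, since it suggests the server returned content rather than rejecting the request.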

Affected Products

Synacor zimbra_collaboration_suite

References

BugTraq: 64149

CVE: CVE-2013-7091

Short Name
HTTP:DIR:ZIMBRA-COLLAB-LFI
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-7091 Collaboration File Inclusion Local Server Zimbra bid:64149
Release Date
05/26/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3602
False Positive
Unknown
Vendors

Synacor
