ID CVE-2013-7217 Type cve Reporter cve@mitre.org Modified 2017-08-29T01:34:00
Description
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
{"nessus": [{"lastseen": "2021-01-20T15:49:22", "description": "The Zimbra Collaboration Server installed on the remote host is\naffected by an unspecified vulnerability.\n\nNote that the vendor has supplied patches for release versions 7.2.2,\n7.2.3, 7.2.4, 7.2.5, 8.0.3, 8.0.4, and 8.05.\n\nAlso note that Nessus does not identify patch levels for the above\nversions. You will want to verify if the patch has been applied by\nexecuting the command 'zmcontrol -v' from the command line as the\n'zimbra' user.", "edition": 26, "published": "2014-03-03T00:00:00", "title": "Zimbra Collaboration Server < 7.2.6 / 8.0.6 Unspecified Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7217"], "modified": "2014-03-03T00:00:00", "cpe": ["cpe:/a:zimbra:collaboration_suite"], "id": "ZIMBRA_7_2_6.NASL", "href": "https://www.tenable.com/plugins/nessus/72774", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72774);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7217\");\n script_bugtraq_id(64415);\n\n script_name(english:\"Zimbra Collaboration Server < 7.2.6 / 8.0.6 Unspecified Vulnerability\");\n script_summary(english:\"Checks version of Zimbra Collaboration Server\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server contains a web application that is affected by an\nunspecified vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Zimbra Collaboration Server installed on the remote host is\naffected by an unspecified vulnerability.\n\nNote that the vendor has supplied patches for release versions 7.2.2,\n7.2.3, 7.2.4, 7.2.5, 8.0.3, 8.0.4, and 8.05.\n\nAlso note that Nessus does not identify patch levels for the above\nversions. You will want to verify if the patch has been applied by\nexecuting the command 'zmcontrol -v' from the command line as the\n'zimbra' user.\"\n );\n # http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?febb129c\");\n # https://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be410aa8\");\n # https://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6549daf1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 7.2.6 / 8.0.6 or later or apply the vendor-\nsupplied patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zimbra:collaboration_suite\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"zimbra_web_detect.nbin\");\n script_require_keys(\"www/zimbra_zcs\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80, 443, 7071);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:443);\n\ninstall = get_install_from_kb(\n appname : \"zimbra_zcs\",\n port : port,\n exit_on_fail : TRUE\n);\n\napp = \"Zimbra Collaboration Server\";\ndir = install[\"dir\"];\nversion = install[\"ver\"];\ninstall_url = build_url(port:port, qs:dir);\n\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, app, install_url);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n v[i] = int(ver[i]);\n\n# Versions 7.x less than 7.2.6 and 8.x less than 8.0.6 are affected\nif (\n (v[0] < 7) ||\n (v[0] == 7 && v[1] < 2) ||\n (v[0] == 7 && v[1] == 2 && v[2] < 6) ||\n (v[0] == 8 && v[1] == 0 && v[2] < 6)\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.2.6 / 8.0.6\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
