Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2021-35209
HistoryJul 02, 2021 - 6:54 p.m.

CVE-2021-35209

2021-07-0218:54:43
mitre
www.cve.org
9
proxyservlet
zimbra collaboration suite
host header

AI Score

9.6

Confidence

High

EPSS

0.007

Percentile

80.8%

JSON

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).

Related

cve 1
prion 1
osv 1
nvd 1
thn 1
sonarsource 1
avleonov 1
threatpost 1
nessus 1
cve
cve
CVE-2021-35209
2021-07-02 19:15:08
prion
prion
Design/Logic Flaw
2021-07-02 19:15:00
osv
osv
CVE-2021-35209
2021-07-02 19:15:08
nvd
nvd
CVE-2021-35209
2021-07-02 19:15:08
thn
thn
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
2021-07-27 15:46:00
sonarsource
sonarsource
Zimbra 8.8.15 - Webmail Compromise via Email
2021-07-27 00:00:00
avleonov
avleonov
Last Week’s Security news: Serious Sam in Metasploit, PetitPotam, Zimbra Hijack, Joint Advisory TOP30 CVEs
2021-08-02 19:48:50
threatpost
threatpost
Zimbra Server Bugs Could Lead to Email Plundering
2021-07-27 17:30:28
nessus
nessus
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 23 / 9.0.0 < 9.0.0 Patch 16 Multiple Vulnerabilities
2022-07-15 00:00:00

AI Score

9.6

Confidence

High

EPSS

0.007

Percentile

80.8%

JSON
Related for CVELIST:CVE-2021-35209
cve1prion1osv1nvd1thn1sonarsource1avleonov1threatpost1nessus1