Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 Tenable Network Security, Inc.ZIMBRA_7_2_6.NASL
HistoryMar 03, 2014 - 12:00 a.m.

Zimbra Collaboration Server < 7.2.6 / 8.0.6 Unspecified Vulnerability

2014-03-0300:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
43

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.2%

JSON

The Zimbra Collaboration Server installed on the remote host is affected by an unspecified vulnerability.

Note that the vendor has supplied patches for release versions 7.2.2, 7.2.3, 7.2.4, 7.2.5, 8.0.3, 8.0.4, and 8.05.

Also note that Nessus does not identify patch levels for the above versions. You will want to verify if the patch has been applied by executing the command ‘zmcontrol -v’ from the command line as the ‘zimbra’ user.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(72774);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-7217");
  script_bugtraq_id(64415);

  script_name(english:"Zimbra Collaboration Server < 7.2.6 / 8.0.6 Unspecified Vulnerability");
  script_summary(english:"Checks version of Zimbra Collaboration Server");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote web server contains a web application that is affected by an
unspecified vulnerability."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The Zimbra Collaboration Server installed on the remote host is
affected by an unspecified vulnerability.

Note that the vendor has supplied patches for release versions 7.2.2,
7.2.3, 7.2.4, 7.2.5, 8.0.3, 8.0.4, and 8.05.

Also note that Nessus does not identify patch levels for the above
versions.  You will want to verify if the patch has been applied by
executing the command 'zmcontrol -v' from the command line as the
'zimbra' user."
  );
  # http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?febb129c");
  # https://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?be410aa8");
  # https://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6549daf1");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 7.2.6 / 8.0.6 or later or apply the vendor-
supplied patch.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/03");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zimbra:collaboration_suite");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");

  script_dependencies("zimbra_web_detect.nbin");
  script_require_keys("www/zimbra_zcs", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443, 7071);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:443);

install = get_install_from_kb(
  appname      : "zimbra_zcs",
  port         : port,
  exit_on_fail : TRUE
);

app = "Zimbra Collaboration Server";
dir = install["dir"];
version = install["ver"];
install_url = build_url(port:port, qs:dir);

if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, app, install_url);
if (report_paranoia < 2) audit(AUDIT_PARANOID);

ver = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(ver); i++)
  v[i] = int(ver[i]);

# Versions 7.x less than 7.2.6 and 8.x less than 8.0.6 are affected
if (
  (v[0] < 7) ||
  (v[0] == 7 && v[1] < 2) ||
  (v[0] == 7 && v[1] == 2 && v[2] < 6) ||
  (v[0] == 8 && v[1] == 0 && v[2] < 6)
)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  URL               : ' + install_url +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 7.2.6 / 8.0.6\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
VendorProductVersionCPE
zimbracollaboration_suitecpe:/a:zimbra:collaboration_suite

Related

nvd 1
cve 1
prion 1
cvelist 1
nvd
nvd
CVE-2013-7217
2013-12-26 18:55:04
cve
cve
CVE-2013-7217
2013-12-26 18:55:04
prion
prion
Design/Logic Flaw
2013-12-26 18:55:00
cvelist
cvelist
CVE-2013-7217
2013-12-26 18:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.2%

JSON
Related for ZIMBRA_7_2_6.NASL
nvd1cve1prion1cvelist1