Lucene search

HistoryJul 20, 2023 - 12:00 a.m.

Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 33 Multiple Vulnerabilities

2023-07-2000:00:00

www.tenable.com

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including:

Vulnerability in the sfdc_preauth.jsp component. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code. (CVE-2023-29382)
HTTP request smuggling vulnerability in the bundled Apache HTTP Server component. Exploitation of this vulnerability can result in the bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers and cache poisoning. (CVE-2023-25690)
An SSRF vulnerability in the bundled Apache CXF component. (CVE-2022-46364)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(178616);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/03");

  script_cve_id(
    "CVE-2022-22970",
    "CVE-2022-46364",
    "CVE-2023-25690",
    "CVE-2023-29381",
    "CVE-2023-29382",
    "CVE-2023-34193"
  );
  script_xref(name:"IAVA", value:"2023-A-0359-S");

  script_name(english:"Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 33 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a web application that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities
including:

  - Vulnerability in the sfdc_preauth.jsp component. A remote, unauthenticated attacker can exploit this
    vulnerability to execute arbitrary code. (CVE-2023-29382)

  - HTTP request smuggling vulnerability in the bundled Apache HTTP Server component. Exploitation of this
    vulnerability can result in the bypass of access controls in the proxy server, proxying unintended URLs
    to existing origin servers and cache poisoning. (CVE-2023-25690)

  - An SSRF vulnerability in the bundled Apache CXF component. (CVE-2022-46364)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P33");
  script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Security_Center");
  script_set_attribute(attribute:"see_also", value:"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories");
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 9.0.0 Patch 33, or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-22970");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-29382");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/20");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zimbra:collaboration_suite");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("zimbra_web_detect.nbin", "zimbra_nix_installed.nbin");
  script_require_keys("installed_sw/zimbra_zcs");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::zimbra::combined_get_app_info();

var constraints = [
  {'min_version':'9.0', 'max_version':'9.0.0', 'fixed_display':'9.0.0 Patch 33', 'Patch':'33'}
];

vcf::zimbra::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_NOTE
);

VendorProductVersionCPE
zimbracollaboration_suitecpe:/a:zimbra:collaboration_suite

Vendor	Product	Version	CPE
zimbra	collaboration_suite		cpe:/a:zimbra:collaboration_suite

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22970

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46364

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29381

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29382

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34193

wiki.zimbra.com/wiki/Security_Center

wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P33

wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 33 Multiple Vulnerabilities

References

Related