7 matches found
EUVD-2021-21853
Malware in sbrugna...
CVE-2021-35209
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against...
CVE-2021-35209
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against...
CVE-2021-35209
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against...
Design/Logic Flaw
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against...
CVE-2021-35209
The CVE-2021-35209 issue affects Zimbra Collaboration Suite via the ProxyServlet /proxy implementation. The X-Host header can override the Host header in proxied requests, and the value is not validated against zimbraProxyAllowedDomains, enabling an SSRF-like possibility and open redirect behavio...
Zimbra Collaboration Suite Code Issue Vulnerability
Zimbra Collaboration Suite (ZCS) is an open-source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A code issue vulnerability exists in Zimbra Collaboration Suite versions prior to 8.8.15 Patch 23 and 9.0.0 Patch 16, which stems from the value o...