Lucene search
RootSSV:61096HistoryDec 13, 2013 - 12:00 a.m.
Zimbra邮件系统文件包含漏洞
2013-12-1300:00:00
Root
www.seebug.org
125
0.973 High
EPSS
Percentile
99.9%
CVE ID:CVE-2013-7091
Zimbra是一家提供专业的电子邮件软件开发供应商其产品在全球大型企业有广泛应用。
Zimbra文件包含漏洞存在于/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz中,利用该漏洞攻击者可以查看本地配置文件localconfig.xml的信息,包括LDAP协议授权的根目录,可以通过窃取的LDAP信任请求/service/admin/soap API,创建具有管理员权限的用户,从而获得管理控制权。
0
Zimbra <2013
厂商补丁:
Zimbra
Zimbra 7.2.2 Patch 2, 7.2.3, 8.0.2 Patch 1, 8.0.3版本已修复此漏洞,建议用户下载使用:
链接:http://www.zimbra.com/forums/announcements/67236-security-guidance-reported-0day-exploit.html
Related
zdt
zdt
Zimbra Collaboration Server LFI Vulnerability
2013-12-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Zimbra Collaboration Server Local File Inclusion (CVE-2013-7091)
2014-01-12 00:00:00
prion
prion
Directory traversal
2013-12-13 18:07:00
Design/Logic Flaw
2013-12-26 18:55:00
nvd
nvd
CVE-2013-7091
2013-12-13 18:07:54
CVE-2013-7217
2013-12-26 18:55:04
openvas
openvas
Zimbra < 7.0.0 LFI Vulnerability - Active Check
2013-12-11 00:00:00
nessus
nessus
Zimbra Collaboration Server skin Parameter Traversal Local File Inclusion
2014-02-19 00:00:00
dsquare
dsquare
Zimbra iCollaboration Server LFI
2016-08-27 00:00:00
cvelist
cvelist
CVE-2013-7091
2013-12-13 18:00:00
CVE-2013-7217
2013-12-26 18:00:00
packetstorm
packetstorm
Zimbra Collaboration Server LFI
2013-12-23 00:00:00
nuclei
nuclei
Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
2022-01-21 07:32:08
cve
cve
CVE-2013-7091
2013-12-13 18:07:54
CVE-2013-7217
2013-12-26 18:55:04
nmap
nmap
http-vuln-cve2013-7091 NSE Script
2014-05-04 15:11:23