Multi-Threaded HTTP Server v1.1 for Zimbra

medium Nessus Plugin ID 108373

Synopsis

The remote web server is vulnerable to directory traversal attacks.

Description

The remote web server is identified as Multi-Threaded HTTP Server for Zimbra. This third-party Zimbra add-on fails to sanitize URLs in a way that allows traversal attacks. An unauthenticated, remote attacker can exploit this to view arbitrary files on the remote host.

Solution

Either limit incoming traffic to the Multi-Threaded HTTP Server for Zimbra detected on this port or disable it.

See Also

https://www.exploit-db.com/exploits/12304/

https://www.exploit-db.com/exploits/12331/

https://www.exploit-db.com/exploits/12308/

Plugin Details

Severity: Medium

ID: 108373

File Name: multithreaded_http_server_for_zimbra.nasl

Version: 1.2

Type: remote

Family: Web Servers

Published: 3/15/2018

Updated: 4/27/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: x-cpe:/a:rajeev_kumar:multithreaded_http_server:1.1