Detections
Analytics
Zimbra Collaboration Server skin Parameter Traversal Local File Inclusion
medium Nessus Plugin ID 72585
Language:
Synopsis
The remote web server contains a script that is affected by a file disclosure vulnerability.Description
The Zimbra Collaboration Server installed on the remote host is affected by a file disclosure vulnerability because it fails to properly sanitize user-supplied input to the 'skin' parameter of '/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz'.This vulnerability could allow a remote, unauthenticated attacker to view or execute arbitrary files by forming a request containing directory traversal sequences.
Note that this issue can be leveraged to execute arbitrary code by obtaining LDAP credentials stored in plaintext and accessing the '/service/admin/soap' API.
Solution
Upgrade to the version 7.2.2 patch 1 / 8.0.2 patch 1 or later.See Also
http://www.nessus.org/u?d695723d
https://files2.zimbra.com/website/docs/7.2/ZCS_Patch_7_2_2_r1.pdf
https://files2.zimbra.com/website/docs/8.0/ZCS_Patch_8_0_2_r1.pdf
Plugin Details
Severity: Medium
ID: 72585
File Name: zimbra_skin_lfi.nasl
Version: 1.14
Type: remote
Family: CGI abuses
Published: 2/19/2014
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.8
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2013-7091
Vulnerability Information
CPE: cpe:/a:zimbra:collaboration_suite
Required KB Items: www/zimbra_zcs
Exploit Available: true
Exploit Ease: No exploit is required
Exploited by Nessus: true
Patch Publication Date: 2/19/2013
Vulnerability Publication Date: 12/6/2013
Exploitable With
Core Impact
Metasploit (Zimbra Collaboration Server LFI)
Elliot (Zimbra iCollaboration Server LFI)
Reference Information
CVE: CVE-2013-7091
BID: 64149