mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html | VDB Entry Exploit Third Party Advisory |
http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce | Third Party Advisory |
https://bugzilla.zimbra.com/show_bug.cgi?id=109129 | Issue Tracking Patch Third Party Advisory |
https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/ | Exploit Third Party Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
https://www.exploit-db.com/exploits/46693/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
24 Jul 2024, 17:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce - Third Party Advisory | |
References | () https://bugzilla.zimbra.com/show_bug.cgi?id=109129 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/ - Exploit, Third Party Advisory |
Information
Published : 2019-05-29 22:29
Updated : 2024-07-24 17:00
NVD link : CVE-2019-9670
Mitre link : CVE-2019-9670
CVE.ORG link : CVE-2019-9670
JSON object : View
Products Affected
synacor
- zimbra_collaboration_suite
CWE
CWE-611
Improper Restriction of XML External Entity Reference