Signature Detail

Short Name	HTTP:DIR:ZIMBRA-SERVER-LDAP
Severity	Medium
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Zimbra Collaboration Server Directory Traversal
Release Date	2016/02/11
Update Number	2644
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vsrx-12.1+

HTTP: Zimbra Collaboration Server Directory Traversal

This signature detects directory traversal attempts in Zimbra Collaboration Server. A successful attack can result in directory traversal attacks.

Extended Description

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.

Affected Products

zimbra zimbra_collaboration_suite 6.0
zimbra zimbra_collaboration_suite 6.0.1
zimbra zimbra_collaboration_suite 6.0.10
zimbra zimbra_collaboration_suite 6.0.12
zimbra zimbra_collaboration_suite 6.0.13
zimbra zimbra_collaboration_suite 6.0.14
zimbra zimbra_collaboration_suite 6.0.15
zimbra zimbra_collaboration_suite 6.0.16
zimbra zimbra_collaboration_suite 6.0.2
zimbra zimbra_collaboration_suite 6.0.3
zimbra zimbra_collaboration_suite 6.0.4
zimbra zimbra_collaboration_suite 6.0.5
zimbra zimbra_collaboration_suite 6.0.6
zimbra zimbra_collaboration_suite 6.0.7
zimbra zimbra_collaboration_suite 6.0.8
zimbra zimbra_collaboration_suite 6.0.9

References

CVE: CVE-2013-7091

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Zimbra Collaboration Server Directory Traversal

Extended Description

Affected Products

References