Search found 6 matches

by ghen
Wed Jun 24, 2020 1:26 pm
Forum: Community News
Topic: June 2020 Zeta Alliance Weekly Call Summaries
Replies: 7
Views: 3011

Re: June 2020 Zeta Alliance Weekly Call Summaries

Hi, can I put the following topic on the agenda for next week please: Content-Security-Policy (CSP). There is demand for this [1] [2] [3], as more and more vulnerability scanners and security audits require it, but except for some pointers to generic documentation on the Security wiki [4], Zimbra h...
by ghen
Wed May 13, 2020 11:22 am
Forum: Community News
Topic: May 2020 Zeta Alliance Weekly Call Summaries
Replies: 30
Views: 7648

Re: May 2020 Zeta Alliance Weekly Call Summaries

Since you have discussed updating the Nginx package, is there any work to implement the SMTP proxy in Zimbra Nginx Proxy? I mean, Zimbra already uses proxy for almost every protocol but the SMTP, which would make it much easier to work with multiple tenants and multiple certificates. Basicall...
by ghen
Thu Mar 05, 2020 3:26 pm
Forum: Administrators
Topic: Zimbra SSRF CVE-2020-7796
Replies: 1
Views: 910

Re: Zimbra SSRF CVE-2020-7796

I was told the vulnerability is in a leftover JSP file in the webex zimlet.
As a fix, patch7 simply removes this file via RPM postinstall scriptlet:

Code:

rm -f /opt/zimbra/zimlets-deployed/com_zimbra_webex/httpPost.jsp
by ghen
Wed Mar 04, 2020 9:36 am
Forum: Administrators
Topic: Zimbra SSRF CVE-2020-7796
Replies: 1
Views: 910

Zimbra SSRF CVE-2020-7796

Hi, does anyone have more information on SSRF vulnerability CVE-2020-7796, besides the fact that it was fixed in 8.8.15 patch 7? CVE description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. What is the precise scope and ...
by ghen
Thu Feb 13, 2020 12:56 pm
Forum: Installation and Upgrade
Topic: Issue after upgrading to 8.8.15
Replies: 24
Views: 11324

Re: Issue after upgrading to 8.8.15

Thanks. Does this concern all external datasources, including pop3/imap, or only the HTTP based ones like CalDAV?
by ghen
Thu Feb 13, 2020 8:10 am
Forum: Installation and Upgrade
Topic: Issue after upgrading to 8.8.15
Replies: 24
Views: 11324

Re: Issue after upgrading to 8.8.15

We and one of our customers had this issue. In our cases, the symptoms were that web client sessions generated a "Server Error 500" for the users, but that IMAP and other non web-ui access methods continued to function. Zimbra Support have identified the root cause and given us a bug numb...
