Search found 2204 matches

by Klug
Mon Mar 26, 2018 1:33 pm
Forum: Installation and Upgrade
Topic: CVE-2018-6882 Zimbra Collaboration Suite - Stored Cross-Site Scripting
Replies: 8
Views: 2024

CVE-2018-6882 Zimbra Collaboration Suite - Stored Cross-Site Scripting

Hello all. Another one... It's from last january, went in the bugtraq mailing-list today. About the issue (quoting the author): This issue was successfully tested on ZCS 8.7.11_GA_1854 (build 20170531151956). It is however likely that this issue is present in all versions of ZCS from version 8.5.0 o...
by Klug
Fri Mar 23, 2018 9:32 am
Forum: General Zimbra Feedback
Topic: Public Bugzilla replaced with Private Jira, first move to closed source ?
Replies: 18
Views: 11240

Re: Public Bugzilla replaced with Private Jira, first move to closed source ?

partner meeting after the official part. There was a partner meeting? I think that everything will fail if we start with a closed bug report and RFE platform. Totally 200% agreed. Plus, as you said, OSS and "closed bug platform" don't go together at all. As JDunphy said, considering the s...
by Klug
Thu Mar 08, 2018 9:33 am
Forum: Administrators
Topic: live_syncd zmhsm connection refused
Replies: 3
Views: 888

Re: live_syncd zmhsm connection refused

There's a zimbra tool to deploy the ssh keys, you have to execute it on each server.

Code: Select all

zmupdateauthkeys
by Klug
Wed Feb 28, 2018 4:56 pm
Forum: Installation and Upgrade
Topic: Connection Refused :7025
Replies: 2
Views: 1444

Re: Connection Refued :7025

by Klug
Fri Feb 16, 2018 4:00 pm
Forum: Administrators
Topic: Connection timed out:7025 - Issue
Replies: 6
Views: 2382

Re: Connection timed out:7025 - Issue

If your ZCS server is on a LAN that is natted to the internet, you should only (*) use internal resolver(s) and split-DNS. When natted, you should never define both an internal and external resolver (*). (*) it might work with using public resolvers if your firewall is able to do hairpining (https:/...
by Klug
Fri Feb 16, 2018 1:44 pm
Forum: Administrators
Topic: Connection timed out:7025 - Issue
Replies: 6
Views: 2382

Re: Connection timed out:7025 - Issue

Double check your DNS too or split-DNS.
by Klug
Fri Feb 16, 2018 12:42 pm
Forum: Installation and Upgrade
Topic: Performance problems with the mailbox server
Replies: 2
Views: 743

Re: Performance problems with the mailbox server

Welcome to the forum.

Have a look at this: https://wiki.zimbra.com/wiki/DoSFilter
by Klug
Mon Feb 12, 2018 8:33 am
Forum: Installation and Upgrade
Topic: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
Replies: 32
Views: 5879

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

Hello David (nice first name, you can trust me on that) and welcome on the forum.

Thank you for the clarifications and fixes about the patch and release notes.

I still cannot access, with my bugzilla account, bugs #108265 or #107925 (the two I've tried).
by Klug
Fri Feb 09, 2018 11:27 pm
Forum: Installation and Upgrade
Topic: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
Replies: 32
Views: 5879

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

Which ones?
We still don't know which vulnerabilities are related to 8.6.

Why can't you provide a single patch (especially for several months old vulnerabilities)?

When will the patches will be available?
Next couple of days or we'll have to wait for two weeks between each patch?

What about ClamAV?
by Klug
Fri Feb 09, 2018 5:32 pm
Forum: Installation and Upgrade
Topic: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting
Replies: 32
Views: 5879

Re: CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting

Merci. Does it means 8.6 is not vulnerable to all other XSS discovered in 2017 (such as CVE-2017-17703)? Because the Security Advisories page on the wiki still doesn't give any information on vulnerable versions, bug per bug (and the bug are private). CVE-2017-8802 is rated as "minor" by Z...

Go to advanced search