Are there any affects to Zimbra based on this report?
US-CERT Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code
Instructions on how to disable Java from being used by the browser are at the bottom of the report. There is no reason to uninstall or remove it at this time. I'm sure Oracle Java and Open Source IcedTea developers will fix it shortly.
But reading the actual report, the impact is as such below. Really this is about phishing where a scammer tries to lure you to click on a link that will perform this exploit.
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
- Zimbra Collaboration 9.0.0 now available. Read the release notes.
- Zimbra Collaboration 8.8.15 LTS now available. Read the release notes.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub, Blog and the Community Github.
- Zimbra is Open Source! Read the FAQ. You can also contribute and build binary from source!
Industry info, happenings near you, and new product integrations. Hosting an event? Invite people here.
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests