Are there any affects to Zimbra based on this report?
US-CERT Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code
Instructions on how to disable Java from being used by the browser are at the bottom of the report. There is no reason to uninstall or remove it at this time. I'm sure Oracle Java and Open Source IcedTea developers will fix it shortly.
But reading the actual report, the impact is as such below. Really this is about phishing where a scammer tries to lure you to click on a link that will perform this exploit.
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
- Zimbra Collaboration 8.6 Patch 9 now available (includes fix for CVE-2017-8802). Read the announcement.
- Zimbra Collaboration 8.8.6 is available - Improved real-time backup and restore, HSM, Mobile Sync, HSM and Zimbra Chat and Zimbra Drive. Read the announcement.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub: https://github.com/Zimbra and check the Community Projects too: https://github.com/Zimbra-Community/
Industry info, happenings near you, and new product integrations. Hosting an event? Invite people here.
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests