Are there any affects to Zimbra based on this report?
US-CERT Vulnerability Note VU#625617 - Java 7 fails to restrict access to privileged code
Instructions on how to disable Java from being used by the browser are at the bottom of the report. There is no reason to uninstall or remove it at this time. I'm sure Oracle Java and Open Source IcedTea developers will fix it shortly.
But reading the actual report, the impact is as such below. Really this is about phishing where a scammer tries to lure you to click on a link that will perform this exploit.
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
- Zimbra Collaboration 8.7.11 - Chat and Drive in early state - ephemeral data in beta. ZCO is now included again, and new ZCO Release. Fixed XSS vulnerability as well. Read the announcement.
- Are you using Zimbra Open Source and you need Backup, Mobile sync and more? We have a solution for you - https://www.zimbra.com/zimbra-suite-plus/
- Are you a Zimbra Developer? You can find some interesting Community Projects on GitHub: https://github.com/Zimbra-Community/ and in our Official GitHub as well: https://github.com/Zimbra
Industry info, happenings near you, and new product integrations. Hosting an event? Invite people here.
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest