fkie_nvd - fkie_cve-2021-35209

fkie_cve-2021-35209

Vulnerability from fkie_nvd

Published

2021-07-02 19:15

Modified

2024-11-21 06:12

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).

References

URL	Tags
cve@mitre.org	https://blog.sonarsource.com/zimbra-webmail-compromise-via-email	Exploit, Third Party Advisory
cve@mitre.org	https://wiki.zimbra.com/wiki/Security_Center	Release Notes, Vendor Advisory
cve@mitre.org	https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23	Release Notes, Vendor Advisory
cve@mitre.org	https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16	Release Notes, Vendor Advisory
cve@mitre.org	https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.sonarsource.com/zimbra-webmail-compromise-via-email	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.zimbra.com/wiki/Security_Center	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories	Vendor Advisory

Impacted products

Vendor	Product	Version
zimbra	collaboration	*
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	8.8.15
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0
zimbra	collaboration	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BDCCB43-EBE0-4E5D-B2E1-E346A3694AB9",
              "versionEndExcluding": "8.8.15",
              "versionStartIncluding": "8.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
              "matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
              "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
              "matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
              "matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
              "matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
              "matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
              "matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
              "matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
              "matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
              "matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
              "matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
              "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
              "matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
              "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
              "matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
              "matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
              "matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
              "matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
              "matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting)."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en el archivo ProxyServlet.java en el servlet /proxy en Zimbra Collaboration Suite versiones 8.8 anteriores a 8.8.15 Patch 23 y versiones 9.x anteriores a 9.0.0 Patch 16. El valor de la cabecera X-Host sobrescribe el valor de la cabecera Host en las peticiones proxy. El valor de la cabecera X-Host no es comprobado con la lista blanca de hosts a los que Zimbra tiene permitido hacer proxy (la configuraci\u00f3n zimbraProxyAllowedDomains)"
    }
  ],
  "id": "CVE-2021-35209",
  "lastModified": "2024-11-21T06:12:03.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-02T19:15:08.460",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.sonarsource.com/zimbra-webmail-compromise-via-email"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Security_Center"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.sonarsource.com/zimbra-webmail-compromise-via-email"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Security_Center"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-35209

Vulnerability from cvelistv5

Published

2021-07-02 18:54

Modified

2024-08-04 00:33