Vulnerability-Lookup

CNVD-2016-02188

Vulnerability from cnvd - Published: 2016-04-13

Title

Zimbra Collaboration Server Mail接口跨站请求伪造漏洞

Description

Zimbra Collaboration Server（ZCS）是美国Zimbra公司的一套电子邮件和协作解决方案。该方案提供电子邮件、联系人、日历、文件共享、社交网络等功能。 Zimbra Collaboration Server 8.5之前版本的Mail接口中存在跨站请求伪造漏洞。远程攻击者可通过向service/soap/BatchRequest URL发送SOAP请求利用该漏洞更改账户属性。

Severity

中

Patch Name

Zimbra Collaboration Server Mail接口跨站请求伪造漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29

Reference

https://www.exploit-db.com/exploits/39500/

Impacted products

Name
Zimbra Collaboration Server <8.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6541"
    }
  },
  "description": "Zimbra Collaboration Server\uff08ZCS\uff09\u662f\u7f8e\u56fdZimbra\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u548c\u534f\u4f5c\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u7535\u5b50\u90ae\u4ef6\u3001\u8054\u7cfb\u4eba\u3001\u65e5\u5386\u3001\u6587\u4ef6\u5171\u4eab\u3001\u793e\u4ea4\u7f51\u7edc\u7b49\u529f\u80fd\u3002\r\n\r\nZimbra Collaboration Server 8.5\u4e4b\u524d\u7248\u672c\u7684Mail\u63a5\u53e3\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411service/soap/BatchRequest URL\u53d1\u9001SOAP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u8d26\u6237\u5c5e\u6027\u3002",
  "discovererName": "Anthony LAOU-HINE TSUEI, Sysdream (laouhine_anthony -at- hotmail -dot- fr),Damien CAUQUIL, Sysdream (d.cauquil -at- sysdream -dot- com)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02188",
  "openTime": "2016-04-13",
  "patchDescription": "Zimbra Collaboration Server\uff08ZCS\uff09\u662f\u7f8e\u56fdZimbra\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u548c\u534f\u4f5c\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u7535\u5b50\u90ae\u4ef6\u3001\u8054\u7cfb\u4eba\u3001\u65e5\u5386\u3001\u6587\u4ef6\u5171\u4eab\u3001\u793e\u4ea4\u7f51\u7edc\u7b49\u529f\u80fd\u3002\r\n\r\nZimbra Collaboration Server 8.5\u4e4b\u524d\u7248\u672c\u7684Mail\u63a5\u53e3\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411service/soap/BatchRequest URL\u53d1\u9001SOAP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u8d26\u6237\u5c5e\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Zimbra Collaboration Server Mail\u63a5\u53e3\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Zimbra Collaboration Server \u003c8.5"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/39500/",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-12",
  "title": "Zimbra Collaboration Server Mail\u63a5\u53e3\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2015-6541 (GCVE-0-2015-6541)

Vulnerability from cvelistv5 – Published: 2016-04-08 14:00 – Updated: 2024-08-06 07:22

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
https://wiki.zimbra.com/wiki/Security/Collab/86#N…	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2016/Feb/121	mailing-listx_refsource_FULLDISC
https://www.exploit-db.com/exploits/39500/	exploitx_refsource_EXPLOIT-DB

Date Public

2016-02-25 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:22.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29"
          },
          {
            "name": "20160225 CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Feb/121"
          },
          {
            "name": "39500",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39500/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-08T13:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29"
        },
        {
          "name": "20160225 CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Feb/121"
        },
        {
          "name": "39500",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39500/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6541",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29",
              "refsource": "CONFIRM",
              "url": "https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29"
            },
            {
              "name": "20160225 CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Feb/121"
            },
            {
              "name": "39500",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39500/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6541",
    "datePublished": "2016-04-08T14:00:00.000Z",
    "dateReserved": "2015-08-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T07:22:22.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2016-02188

CVE-2015-6541 (GCVE-0-2015-6541)

Tags

Sightings

Nomenclature