CVE-2019-9670
In short
Zimbra Collaboration Suite has a vulnerability through which an unauthenticated attacker can inject malicious XML via the Autodiscover feature, potentially reading sensitive files from the server or causing a denial of service.
Technical detail
An XML External Entity (XXE) injection vulnerability exists in the mailboxd component's Autodiscover.xml endpoint, allowing unauthenticated attackers to craft malicious XML payloads that trigger entity expansion or external entity processing, leading to information disclosure or server resource exhaustion.
Summary generated and translated by AI from the official description.
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
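The server-side mitigation for the XXE described above is to refuse any document that declares a DTD before it reaches a full parser, since an XXE payload needs a DOCTYPE to declare its entities. The block below is an added example (not Zimbra's code) that does this with expat's declaration callbacks ahead of a normal parse; the Outlook Autodiscover request namespace and the sample bodies are assumptions.

```python
# Added example (not Zimbra's code): reject any Autodiscover body that declares a DTD
# before it reaches a full parser. XXE needs a DOCTYPE to declare its entities.
import xml.parsers.expat
import xml.etree.ElementTree as ET

# Namespace of the Outlook Autodiscover request schema (assumed for the samples).
NS = "{http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006}"

class DtdRejected(Exception):
    """Raised as soon as expat reports a DOCTYPE or an entity declaration."""

def assert_no_dtd(body: bytes) -> None:
    """Stream the body through expat and abort at the first DTD construct."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE declared for <{name}>")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise DtdRejected(f"entity {name!r} declared (SYSTEM={sysid!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(body, True)  # an exception raised in a handler propagates out of Parse()

def handle_autodiscover(body: bytes) -> dict:
    """Return {'accepted', 'reason', 'email'}; only DTD-free, well-formed bodies are parsed."""
    try:
        assert_no_dtd(body)
    except DtdRejected as exc:
        return {"accepted": False, "reason": str(exc), "email": None}
    except xml.parsers.expat.ExpatError as exc:
        return {"accepted": False, "reason": f"malformed XML: {exc}", "email": None}
    root = ET.fromstring(body)
    return {"accepted": True, "reason": "ok",
            "email": root.findtext(f"{NS}Request/{NS}EMailAddress")}

# Constructed sample bodies: a normal client request and an XXE-shaped one. The
# entity URI is a placeholder; the guard stops at the DOCTYPE, so it is never resolved.
BENIGN_REQUEST = b"""<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request><EMailAddress>alice@example.com</EMailAddress></Request>
</Autodiscover>"""

XXE_SHAPED_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE Autodiscover [<!ENTITY ext SYSTEM "file:///PLACEHOLDER_PATH">]>
<Autodiscover><Request><EMailAddress>&ext;</EMailAddress></Request></Autodiscover>"""
```

The same principle applies to the Java parsers a mailboxd-style service uses: disallow DOCTYPE declarations on the factory rather than trying to filter individual entities.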
Affected products
n/a · n/a
Public PoCs found: 6
github: github.com/rek7/Zimbra-RCE (★ 27)
github: github.com/attackgithub/Zimbra-RCE (★ 1)
github: github.com/Cappricio-Securities/CVE-2019-9670 (★ 0)
cve_reference: packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html (unverified)
cve_reference: www.exploit-db.com/exploits/46693/ (unverified)
exploitdb: www.exploit-db.com/exploits/46693 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
https://bugzilla.zimbra.com/show_bug.cgi?id=109129
https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-9670
https://www.exploit-db.com/exploits/46693/
http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce