CyberSec.Space Logo
Back to CVE Browser

CVE-2021-35209

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile18.55th
PublishedJul 2, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).

Affected Platforms (CPE)

πŸ“¦
Zimbra

Collaboration

>= 8.8 and < 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 8.8.15
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0
πŸ“¦
Zimbra

Collaboration

= 9.0.0

References & Advisories

πŸ”— https://blog.sonarsource.com/zimbra-webmail-compromise-via-email
πŸ”— https://wiki.zimbra.com/wiki/Security_Center
πŸ”— https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23
πŸ”— https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16
πŸ”— https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
πŸ”— https://blog.sonarsource.com/zimbra-webmail-compromise-via-email
πŸ”— https://wiki.zimbra.com/wiki/Security_Center
πŸ”— https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23

Related Vulnerabilities

CVE-2021-2947510.0

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary file...

CVE-2004-065010.0

UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute ar...

CVE-2021-2289310.0

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Sh...

CVE-2005-125510.0

Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other v...