exploitDog

CVE-2022-37041

Опубликовано: 12 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting).

Ссылки

https://wiki.zimbra.com/wiki/Security_Center
Patch
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Vendor Advisory
https://wiki.zimbra.com/wiki/Security_Center
Patch
Vendor Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00301

Низкий

7.5 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-63w7-6gxr-7jjw

CVSS3: 7.5

github

больше 3 лет назад

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting).

EPSS

Процентиль: 53%

0.00301

Низкий

7.5 High

CVSS3

Дефекты

CWE-918