Vulnerability Description
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synacor | Zimbra Collaboration Suite | 6.0.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/100747
- http://packetstormsecurity.com/files/124321
- http://www.exploit-db.com/exploits/30085Exploit
- http://www.exploit-db.com/exploits/30472
- http://www.securityfocus.com/bid/64149
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89527
- http://osvdb.org/100747
- http://packetstormsecurity.com/files/124321
- http://www.exploit-db.com/exploits/30085Exploit
- http://www.exploit-db.com/exploits/30472
- http://www.securityfocus.com/bid/64149
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89527
FAQ
What is CVE-2013-7091?
CVE-2013-7091 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (d...
How severe is CVE-2013-7091?
CVE-2013-7091 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7091?
Check the references section above for vendor advisories and patch information. Affected products include: Synacor Zimbra Collaboration Suite.