Search found 34 matches
- Fri Feb 11, 2022 10:25 am
- Forum: Administrators
- Topic: Reported XSS in zimbra publicly disclosed 3rd
- Replies: 38
- Views: 42626
Re: Reported XSS in zimbra publicly disclosed 3rd
While 8.6 and 8.7 are out of support, there are still (lots of) servers running these versions (especially 8.6). Are they vulnerable? Yep. I modified Jim Dunphy's script in order to work with older versions, too. Please see https://forums.zimbra.org/viewtopic.php?f=15&t=70382&start=20#p303...
- Sat Feb 05, 2022 11:22 am
- Forum: Administrators
- Topic: Reported XSS in zimbra publicly disclosed 3rd
- Replies: 38
- Views: 42626
Re: Reported XSS in zimbra publicly disclosed 3rd
Good Morning
I can confirm that as of now (12:20 AM CET) the current patches provided by Zimbra contain the fixes for
/opt/zimbra/jetty_base/webapps/zimbra/WEB-INF/tags/calendar/multiDay.tag
/opt/zimbra/jetty_base/webapps/zimbra/WEB-INF/tags/calendar/monthView.tag
for Versions 8.8.15 and 9. It's the...
- Fri Feb 04, 2022 7:11 pm
- Forum: Administrators
- Topic: Reported XSS in zimbra publicly disclosed 3rd
- Replies: 38
- Views: 42626
Re: Reported XSS in zimbra publicly disclosed 3rd
I understood that we're talking about an XSS vulnerability. So I'm wondering why Zimbra does not apply basic HTTP Security Headers by default? Doesn't
zmprov mcf +zimbraResponseHeader "X-Frame-Options: SAMEORIGIN"
zmprov mcf +zimbraResponseHeader "X-XSS-Protection: 1; mode=block"
...
- Tue Dec 14, 2021 6:24 am
- Forum: Administrators
- Topic: log4j-zero-day exploit - active attacks
- Replies: 44
- Views: 49171
Re: log4j-zero-day exploit - active attacks
Just to be on the safe side we added "log4j2.formatMsgNoLookups=true" to zimbra_zmjava_options.
zmlocalconfig zimbra_zmjava_options
zimbra_zmjava_options = -Xmx256m -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djava.net.preferIPv4Stack=true
Add ...
- Sat Dec 11, 2021 3:51 pm
- Forum: Administrators
- Topic: log4j-zero-day exploit - active attacks
- Replies: 44
- Views: 49171
Re: log4j-zero-day exploit - active attacks
Zimbra Support recently posted the following information on https://support.zimbra.com (Login needed): 0-day Exploit Vulnerability for log4j (CVE-2021-44228) After intensive review and testing, Zimbra Development has determined that the 0-day exploit vulnerability for log4j (CVE-2021-44228) does not...
- Fri Jul 31, 2020 11:56 am
- Forum: Administrators
- Topic: Change hostname problem
- Replies: 1
- Views: 3018
Re: Change hostname problem
... the old hostname remains in loggerhostmap. Try to delete the orphaned entries.
List Logger Hostmap with
Code:
zmloggerhostmap
and delete non-existent values with
Code:
zmloggerhostmap -d mail.modulew.local mail.modulew.local
HTH
- Fri Jul 27, 2018 3:11 pm
- Forum: Installation and Upgrade
- Topic: Upgrade from 8.8.8p6 to 8.8.9 failed
- Replies: 6
- Views: 4785
Re: Upgrade from 8.8.8p6 to 8.8.9 failed
Hi Mark, Andreas, Just to be clear, are you saying that the 8.8.9 installer endeavors to deploy a zimbra-common-core-jar version of a lesser number than that installed/required by 8.8.8 Patch7? Worth opening a Support Case for that for sure if I understand it correctly. Thanks, Mark I don't think so...
- Thu Jul 26, 2018 12:33 pm
- Forum: Installation and Upgrade
- Topic: Upgrade from 8.8.8p6 to 8.8.9 failed
- Replies: 6
- Views: 4785
Re: Upgrade from 8.8.8p6 to 8.8.9 failed
Hi, just a quick heads up: I just tried to upgrade our first 8.8.8 test system to 8.8.9 (based on Ubuntu 16.04) and it failed due to a package conflict. The install.log says ... same here on RHEL/CentOS 7.x The upgrade failed with RPM dependency errors: error: Failed dependencies: zimbra-common-core...
- Thu Apr 05, 2018 2:13 pm
- Forum: Installation and Upgrade
- Topic: After upgrading to 8.8.8 admin extensions don't work
- Replies: 2
- Views: 3200
Re: After upgrading to 8.8.8 admin extensions don't work
following workaround did the trick for me:
service zimbra stop
yum remove zimbra-network-modules-ng-1.0.13+1521603981-1.r7.x86_64
now manually install the previous version extracted from ~/zcs-NETWORK-8.8.7_GA_1964.RHEL7_64.20180223145016/packages
yum install zimbra-network-modules-ng-1.0.12+1519200...
- Thu Apr 05, 2018 12:20 pm
- Forum: Installation and Upgrade
- Topic: After upgrading to 8.8.8 admin extensions don't work
- Replies: 2
- Views: 3200
Re: After upgrading to 8.8.8 admin extensions don't work
Same thing here: Just upgraded our test environment from 8.8.6 to 8.8.8.
NG Modules are missing completely and so are other admin extensions.