Search found 3 matches

by erefer@gmail.com
Fri May 31, 2019 8:11 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 257275

Re: CVE-2019-9670 being actively exploited

Hi guys Can you check the following code found in the corresponding files and tell if it is malicious. To me it seems to be. << /opt/zimbra/jetty-distribution-9.1.5.v20140505/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp <%@page import="java.util.*,javax.crypto.*,javax.crypto.spec.*"%><%!clas...
by erefer@gmail.com
Tue May 28, 2019 1:01 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 257275

Re: CVE-2019-9670 being actively exploited

To find exploited jsp's, I also used these commands: find /opt/zimbra -name \*.jsp -exec grep --with-filename LlSqsDmOgh {} \; find /opt/zimbra -name \*.jsp -exec grep --with-filename exec {} \; Some legit jsp can be edited to remove the offending code. Some jsp can be completely removed if they con...
by erefer@gmail.com
Tue May 28, 2019 12:45 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 248
Views: 257275

Re: CVE-2019-9670 being actively exploited

crontab can be rebuilt using the following link:

https://wiki.zimbra.com/wiki/Step_to_re ... imbra_user

Thanks to all of you folks who help in this affair.

Go to advanced search