Search found 3 matches
- Fri May 31, 2019 8:11 am
- Forum: Administrators
- Topic: CVE-2019-9670 being actively exploited (Hacked Server)
- Replies: 248
- Views: 631406
Re: CVE-2019-9670 being actively exploited
Hi guys, can you check the following code found in the corresponding files and tell if it is malicious? To me it seems to be.
<< /opt/zimbra/jetty-distribution-9.1.5.v20140505/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
<%@page import="java.util.*,javax.crypto.*,javax.crypto.spec.*"%><%!clas...
- Tue May 28, 2019 1:01 pm
- Forum: Administrators
- Topic: CVE-2019-9670 being actively exploited (Hacked Server)
- Replies: 248
- Views: 631406
Re: CVE-2019-9670 being actively exploited
To find exploited jsp's, I also used these commands:
find /opt/zimbra -name \*.jsp -exec grep --with-filename LlSqsDmOgh {} \;
find /opt/zimbra -name \*.jsp -exec grep --with-filename exec {} \;
Some legit jsp can be edited to remove the offending code. Some jsp can be completely removed if they con...
- Tue May 28, 2019 12:45 pm
- Forum: Administrators
- Topic: CVE-2019-9670 being actively exploited (Hacked Server)
- Replies: 248
- Views: 631406
Re: CVE-2019-9670 being actively exploited
crontab can be rebuilt using the following link:
https://wiki.zimbra.com/wiki/Step_to_re ... imbra_user
Thanks to all of you folks who help in this affair.