Security Update: Authentication Bypass in MailboxImportServlet vulnerability

Re: Security Update: Authentication Bypass in MailboxImportServlet vulnerability

Post by BradC

I've gone back and had a look, and the first time we were probed for the vulnerability was 17th June. It came from the same network that has been probing for the Autodiscover XXE exploit.

Code:

access_log.2022-06-17:45.142.166.65 - - [17/Jun/2022:09:13:04 +0000] "POST /service/extension/backup/mboximport?account-name=admin&account-status=active&ow=1&switch-only=0&no-switch=1&append=1 HTTP/1.0" 401 299 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" 166
access_log.2022-06-17:45.142.166.65 - - [17/Jun/2022:09:13:04 +0000] "POST /service/extension/backup/mboximport?account-name=admin&account-status=active&ow=1&switch-only=0&no-switch=1&append=1 HTTP/1.0" 401 299 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" 166

And here's the list of URLs attempted in the last 31 days:

Yowza!
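
One way to triage probing like that reported in this thread, as an added example that is not part of any post here and is not check_attacks.pl: it reads access-log lines in the layout of the excerpt above, lists every request to /service/extension/backup/mboximport, and reports clients that asked for many distinct .jsp/.java names answered 404, together with any such name the same client received a different status for. The sample lines, client addresses, file names and the threshold of 5 are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Layout of the access-log excerpt in the thread, with an optional
# "filename:" prefix as left by grep across several log files.
LINE_RE = re.compile(
    r'^(?:[^\s:]+:)?(?P<client>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) '
)
IMPORT_PATH = "/service/extension/backup/mboximport"  # path seen in the thread
SCRIPT_EXT = (".jsp", ".java")                        # extensions seen in the thread


def normalise_path(target):
    """Drop the query string, percent-decode, and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = normalise_path(rec["target"])
    return rec


def analyze(lines, min_distinct=5):
    """Summarise mboximport requests and script-name enumeration per client.

    min_distinct is an assumed threshold: a client becomes an "enumerator"
    once it has requested that many distinct script paths answered 404.
    """
    import_hits = []
    missing = defaultdict(set)   # client -> {(path, 404)}
    answered = defaultdict(set)  # client -> {(path, status)} with status != 404
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not guessed at
        lowered = rec["path"].lower()
        if lowered.startswith(IMPORT_PATH):
            # Status is kept for triage but does not suppress a hit.
            import_hits.append(
                (rec["client"], rec["time"], rec["method"], rec["status"]))
        elif lowered.endswith(SCRIPT_EXT):
            bucket = missing if rec["status"] == 404 else answered
            bucket[rec["client"]].add((rec["path"], rec["status"]))
    enumerators = {c: len(p) for c, p in missing.items() if len(p) >= min_distinct}
    # Script paths an enumerating client got something other than 404 for:
    # compare these by hand against the files the installation ships.
    review = sorted((c, path, status)
                    for c in enumerators for path, status in answered[c])
    return {"import_hits": import_hits, "enumerators": enumerators, "review": review}


def _line(client, method, target, status, prefix=""):
    """Build one constructed log line in the thread's layout."""
    return (f'{prefix}{client} - - [01/Jan/2024:00:00:00 +0000] '
            f'"{method} {target} HTTP/1.0" {status} 299 "-" "constructed-agent/1.0" 166')


# Constructed sample input: documentation addresses and made-up file names.
SAMPLE_LOG = [
    _line("203.0.113.10", "POST", IMPORT_PATH + "?account-name=admin&ow=1", 401,
          prefix="access_log.2024-01-01:"),
    _line("203.0.113.10", "POST", IMPORT_PATH + "?account-name=admin&ow=1", 401),
    _line("203.0.113.20", "GET", "/js/zimbraMail/share/model/ZmSettings.js", 200),
    *[_line("203.0.113.20", method, f"{folder}/constructed-{i}.jsp", 404)
      for folder in ("", "/public", "/zimbraAdmin")
      for i in (1, 2) for method in ("GET", "POST")],
    _line("203.0.113.20", "GET", "//public/constructed-1.jsp", 404),  # same path once normalised
    _line("203.0.113.20", "GET", "/public/constructed-9.jsp", 200),
    _line("198.51.100.5", "GET", "/public/constructed-1.jsp", 404),   # single miss, below threshold
    "not an access-log line",
]

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for hit in report["import_hits"]:
        print("mboximport request:", hit)
    for client, count in report["enumerators"].items():
        print(f"enumeration: {client} tried {count} distinct script paths (404)")
    for client, path, status in report["review"]:
        print(f"review: {client} got {status} for {path}")
```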

Post by JDunphy

Agreed, Zimbra is now an active and rich target. Yesterday (Aug 11) this came through on my Zimbra servers looking for 537 files. Guess I need to look into why ZmSettings.js was interesting to this attacker.

Code:

mail:~:46> check_attacks.pl -search '.jsp'
	[ 200] GET https://X.X.X.X/js/zimbraMail/share/model/ZmSettings.js  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/ma.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/ss.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/asd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/Lin_cmd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/error.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/404.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/401.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/123132213.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/aesraw.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/noop.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/webshell.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/img.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/image.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/imgess.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/m.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/stylesasr.css.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/cmd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/123.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/yy.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/689fa068b1ab4920b7edb701e3d78cee.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/qax.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/c87e2eca742f2cb1_10.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/ok.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/%E6%B5%8B%E8%AF%95.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/testgsl.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/testpre.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/bx(woshinidie).jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/update.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/logbak.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/he1p.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/login(1).jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/tunnel_jsp.java  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/.htddoc.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/t1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/642123197911081730_zjzp.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/default.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/login_x1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/Server.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/tt.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/qwe.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/tunnel.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/search-results-grid%20(1).jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/everythlng.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/canhcuathanky.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/zimbraAdmin/index_portal.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/shell.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/sj9.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/test.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/test3.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/nc.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/god.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/goz.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/gzl.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/gsl.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/asd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/ma.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/ss.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/11111111311.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/a.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/exploit.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/Lin_cmd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/404.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/401.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/123132213.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/aesraw.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/noop.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/webshell.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/img.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/image.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/imgess.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/m.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/stylesasr.css.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/cmd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/123.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/yy.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/689fa068b1ab4920b7edb701e3d78cee.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/qax.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/c87e2eca742f2cb1_10.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/ok.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/%E6%B5%8B%E8%AF%95.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/testgsl.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/testpre.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/security.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/update.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/logbak.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/he1p.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/login(1).jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/tunnel_jsp.java  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/.htddoc.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/t1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/642123197911081730_zjzp.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/default.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/login_x1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/Server.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/tt.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/qwe.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/tunnel.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/search-results-grid%20(1).jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/canhcuathanky.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/everythlng.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/public/index_portal.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/shell.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/sj9.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/test.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/test3.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/nc.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/god.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/goz.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/gzl.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/gsl.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/asd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/ma.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/ss.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/11111111311.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/a.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/exploit.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/Lin_cmd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/404.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/401.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/123132213.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/aesraw.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/noop.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/webshell.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/img.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/image.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/imgess.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/m.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/stylesasr.css.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/cmd.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/123.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/yy.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/689fa068b1ab4920b7edb701e3d78cee.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/qax.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/c87e2eca742f2cb1_10.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/ok.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/%E6%B5%8B%E8%AF%95.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/testgsl.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/testpre.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/security.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/update.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/logbak.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/he1p.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/login(1).jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/tunnel_jsp.java  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/.htddoc.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/t1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/642123197911081730_zjzp.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/default.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/login_x1.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/Server.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/tt.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/qwe.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/tunnel.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/search-results-grid%20(1).jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/canhcuathanky.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/everythlng.jsp  python-requests/2.25.1
	[ 404] POST https://X.X.X.X/index_portal.jsp  python-requests/2.25.1
 Attacker from  178.255.149.138                    537 Requests - Score 100% 
I also ran through the logs looking for status codes of 200 but with zero bytes as per the link in this thread.

Code: Select all

% check_attacks.pl --pstatus='200' --display=bytes | grep ' 0 '

% check_attacks.pl -srcip 178.255.149.138 --pstatus='200' --display=bytes
	[ 200] GET https://X.X.X.X/js/zimbraMail/share/model/ZmSettings.js  16360
 Attacker from  178.255.149.138                 537 Requests - Score 100% 
------------------------------------------------------------------------------------------------------------
Jim
Last edited by JDunphy on Fri Aug 19, 2022 5:35 pm, edited 1 time in total.
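The two checks described in the post above (every 200 served to a source that also produced a burst of 404s on script names, and any 200 with zero bytes), as an added Python example that is not part of the thread and not check_attacks.pl. The log lines are constructed in the access-log format shown earlier in the thread; the three-miss threshold, the documentation addresses, `/public/EXAMPLE.jsp` and the function names are assumptions.

```python
import re
from collections import Counter

# Core of the access-log format shown earlier in the thread:
#   ip - - [time] "METHOD /target HTTP/x" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
MBOXIMPORT = "/service/extension/backup/mboximport"
SCRIPT_EXT = (".jsp", ".java")  # extensions seen in the probe list

# Constructed sample lines (documentation addresses, placeholder file name).
SAMPLE_LOG = '''\
203.0.113.10 - - [11/Aug/2022:10:00:01 +0000] "GET /gsl.jsp HTTP/1.1" 404 0 "-" "python-requests/2.25.1" 3
203.0.113.10 - - [11/Aug/2022:10:00:01 +0000] "POST /zimbraAdmin/cmd.jsp HTTP/1.1" 404 0 "-" "python-requests/2.25.1" 3
203.0.113.10 - - [11/Aug/2022:10:00:02 +0000] "POST /public/tunnel_jsp.java HTTP/1.1" 404 0 "-" "python-requests/2.25.1" 3
203.0.113.10 - - [11/Aug/2022:10:00:03 +0000] "GET /js/zimbraMail/share/model/ZmSettings.js HTTP/1.1" 200 16360 "-" "python-requests/2.25.1" 3
198.51.100.7 - - [17/Jun/2022:09:13:04 +0000] "POST /service/extension/backup/mboximport?account-name=admin&ow=1 HTTP/1.0" 401 299 "-" "Mozilla/5.0" 166
192.0.2.44 - - [12/Aug/2022:02:11:09 +0000] "POST /public/EXAMPLE.jsp HTTP/1.1" 200 0 "-" "curl/7.0" 5
192.0.2.55 - - [12/Aug/2022:08:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 9
'''.splitlines()


def parse(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "method": m["method"],
        "path": m["target"].split("?", 1)[0],  # drop the query string
        "status": int(m["status"]),
        "size": 0 if m["size"] == "-" else int(m["size"]),
    }


def triage(lines, probe_threshold=3):
    """Flag scanners, mboximport POSTs and 200 responses worth a look."""
    hits = [h for h in map(parse, lines) if h]
    # Pass 1: a source with several 404s on script-like names is a scanner.
    misses = Counter(
        h["ip"] for h in hits
        if h["status"] == 404 and h["path"].lower().endswith(SCRIPT_EXT)
    )
    scanners = {ip for ip, n in misses.items() if n >= probe_threshold}
    report = {"scanners": scanners, "mboximport": [], "review": []}
    # Pass 2: record mboximport POSTs and decide which 200s need a human.
    for h in hits:
        if h["method"] == "POST" and h["path"] == MBOXIMPORT:
            report["mboximport"].append((h["ip"], h["status"]))
        if h["status"] != 200:
            continue
        if h["size"] == 0:
            reason = "200 with zero bytes"
        elif h["ip"] in scanners:
            reason = "200 served to scanner"
        else:
            continue
        report["review"].append((h["ip"], h["path"], h["size"], reason))
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG)["review"]:
        print(row)
```

Lines that do not match the format (for example a user-agent wrapped onto a second line) are skipped rather than guessed at.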
BradC
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Post by BradC »

JDunphy wrote: Agreed, Zimbra is now an active and rich target. Yesterday (Aug 11) this came through on my Zimbra servers looking for 537 files. Guess I need to look into why ZmSettings.js was interesting to this attacker.
G'day Jim,

Yeah, that's about verbatim and from the same attacker I've seen. With all the other smaller (fewer URLs) probes I did a grep/sort/uniq to produce the combined URL list. I'm intrigued about ZmSettings.js also. I suspect it's what they're using to verify it's actually a Zimbra server and perhaps there's something in there that gives them some form of versioning info.

Regards,
Brad
halfgaar
Advanced member
Posts: 171
Joined: Sat Sep 13, 2014 12:54 am
Location: Netherlands
ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43

Post by halfgaar »

I'm intrigued about ZmSettings.js also. I suspect it's what they're using to verify it's actually a zimbra server and perhaps there's something in there that gives them some form of versioning info.
Any website is hit with known URLs (WordPress, Joomla, Exchange, Zimbra, etc.) to build permanent databases, like shodan.io. Type your IP in there and you'll see how it identified it's Zimbra. It's even in the IMAP response. It says:

Code: Select all

 OK IMAP4rev1 proxy server ready
* CAPABILITY ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE IMAP4rev1 LIST-EXTENDED LITERAL+ MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN LIST-STATUS XLIST AUTH=PLAIN
A001 OK completed
* ID ("NAME" "Zimbra" "VERSION" "8.8.15_GA_4372" "RELEASE" "20220726082327")
A002 OK completed
A003 BAD invalid command
A004 OK completed
Shodan is public, but these databases are also available privately. If an exploit is known, they'll just query all servers known as Zimbra and start hacking. That's why my aforementioned proxy is important. It provides very robust protection against all of this, and you don't have to fiddle with scanning your logs and hoping for the best.
Mesut K
Posts: 21
Joined: Fri Nov 14, 2014 7:01 am

Post by Mesut K »

When I checked the logs for the same & similar patterns, these IPs were trying to exploit my server as well:

Code: Select all

High
23.237.32.34
128.1.41.198
103.255.44.125
178.255.149.138

Low
82.180.160.23
What I wonder is, are users with P24/24.1 (the ones upgraded in April/May) vulnerable as well?
ghen
Outstanding Member
Posts: 258
Joined: Thu May 12, 2016 1:56 pm
Location: Belgium
ZCS/ZD Version: 9.0.0

Post by ghen »

One should wonder why most of the /opt/zimbra tree is owned - and thus writable - by the zimbra user by default.

If /opt/zimbra/jetty/webapps/zimbra/public (and the files in it) were owned by root, the impact of this exploit would have been much less, as an attacker then couldn't write any files that he can execute remotely.

As a best practice, only logs, databases, and other runtime data (like jetty workdir) should be owned by the service user, and everything else, in particular executables, owned by root.

Can Zimbra please reconsider this?
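The ownership point made in the post above, as an added Python check that is not Zimbra's or any poster's code: it lists the directories under a web root where a given account can create files, and the executable content that account can overwrite. It reads only the classic owner/group/other mode bits (ACLs are ignored); the extension list and function names are assumptions, and `demo()` builds a constructed tree in a temporary directory.

```python
import os
import stat
import tempfile

# Assumption: file types a servlet container would execute or load.
EXECUTABLE_EXT = (".jsp", ".jspx", ".class", ".jar")


def writable_by(st, uid, gids):
    """POSIX class check: owner bits if uid owns it, else group, else other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_tree(root, uid, gids=()):
    """Return directories uid can drop files into and code it can overwrite."""
    found = {"drop_dirs": [], "replaceable": []}
    for dirpath, _dirs, files in os.walk(root):  # symlinks are not followed
        # A writable directory is the stronger finding: new files can be
        # created there whatever the modes of the files already in it.
        if writable_by(os.lstat(dirpath), uid, gids):
            found["drop_dirs"].append(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if (stat.S_ISREG(st.st_mode)
                    and name.lower().endswith(EXECUTABLE_EXT)
                    and writable_by(st, uid, gids)):
                found["replaceable"].append(path)
    found["drop_dirs"].sort()
    found["replaceable"].sort()
    return found


def demo():
    """Constructed tree: 'public' is writable by the caller, 'locked' is not."""
    with tempfile.TemporaryDirectory() as root:
        for sub, dmode, fmode in (("public", 0o755, 0o644),
                                  ("locked", 0o555, 0o444)):
            d = os.path.join(root, sub)
            os.mkdir(d)
            f = os.path.join(d, "page.jsp")
            open(f, "w").close()
            os.chmod(f, fmode)
            os.chmod(d, dmode)
        os.chmod(root, 0o555)
        try:
            found = audit_tree(root, os.getuid())
        finally:  # restore write bits so the temporary tree can be removed
            os.chmod(root, 0o755)
            os.chmod(os.path.join(root, "locked"), 0o755)
        return {k: [os.path.relpath(p, root) for p in v]
                for k, v in found.items()}


if __name__ == "__main__":
    # On a real host, with the path and user named in the thread:
    #   import pwd; pw = pwd.getpwnam("zimbra")
    #   audit_tree("/opt/zimbra/jetty/webapps", pw.pw_uid,
    #              os.getgrouplist(pw.pw_name, pw.pw_gid))
    print(demo())
```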
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Post by phoenix »

ghen wrote: Can Zimbra please reconsider this?
Why not open a bug report and/or a support case (if you're an NE user)?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
BradC
Outstanding Member
Posts: 265
Joined: Tue May 03, 2016 1:39 am

Post by BradC »

halfgaar wrote: That's why my aforementioned proxy is important. It provides very robust protection against all of this, and you don't have to fiddle with scanning your logs and hoping for the best.
Forgive my ignorance, but how does it function with EWS, EAS & the Outlook MAPI plugin?
halfgaar
Advanced member
Posts: 171
Joined: Sat Sep 13, 2014 12:54 am
Location: Netherlands
ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43

Post by halfgaar »

BradC wrote:
halfgaar wrote: That's why my aforementioned proxy is important. It provides very robust protection against all of this, and you don't have to fiddle with scanning your logs and hoping for the best.
Forgive my ignorance, but how does it function with EWS, EAS & the Outlook MAPI plugin?
I don't have the network edition, so for me that would only be DAV. But, for any protocol over HTTP, the hope is those URLs are distinguishable and you can allow bypasses for them, as I showed for the DAV URLs. Of course, if there are security exploits in a DAV or other endpoints that go over HTTP, you're not as protected, but then you can still rely on the obscurity part of it: as I said, there is no trace externally visible that you're using a proxy.

You could even set up a proxy mywebmail.ponyexpress.com without a password, and make that the only source that is allowed to access the HTTPS port on your Zimbra server. Then, when you make the proxy NOT the default vhost on your webserver, scans of the IP won't show it, and you can only access it if you know the domain name. If you don't advertise that anywhere, bots won't readily find it.

Edit: the way I did it, was just to set up the proxy, use mywebmail.ponyexpress.com in my carddav and caldav clients, and look at the access logs returning 401 or 403, and creating bypasses until it worked.
mgarbin
Posts: 35
Joined: Wed Jun 26, 2019 11:00 am

Post by mgarbin »

ghen wrote: One should wonder why most of the /opt/zimbra tree is owned - and thus writable - by the zimbra user by default.

If /opt/zimbra/jetty/webapps/zimbra/public (and the files in it) were owned by root, the impact of this exploit would have been much less, as an attacker then couldn't write any files that he can execute remotely.

As a best practice, only logs, databases, and other runtime data (like jetty workdir) should be owned by the service user, and everything else, in particular executables, owned by root.

Can Zimbra please reconsider this?
Hmm, the problem is related to all /opt/zimbra/jetty/webapps/* subfolders.
A solution here is to create a new volume (or fallocate a space, then mkfs it), mount it in read-write mode, rsync the content of /opt/zimbra/jetty/webapps/ and then re-mount it as read-only on /opt/zimbra/jetty/webapps (with zimbra uid and gid).
But if you inspect the change date of all the subfolders, you can see that the WEB-INF folder (under zimbra / zimbraAdmin / service / zimlet) is rewritten by jetty for its own config.
How can we solve it?