This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Zimbra Collaboration suffers from a **Local File Inclusion (LFI)** vulnerability.…
**Root Cause**: Improper handling of user-supplied parameters in the **RestFilter servlet**. **CWE**: While not explicitly mapped in the data, this is a classic **LFI** flaw (often CWE-22 or CWE-93).…
**Affected Versions**: Zimbra Collaboration **10.0** and **10.1**. **Component**: The **RestFilter servlet** within the Webmail Classic UI. Ensure you are running these specific versions before worrying.
Q4. What can hackers do? (Privileges/Data)
**Attacker Actions**: Unauthenticated remote attackers can include **arbitrary files** from the WebRoot. This allows reading of sensitive internal files.…
**Public Exploits**: **YES**. Multiple PoCs are available on GitHub (e.g., Ashwesker, ProjectDiscovery Nuclei templates). Wild exploitation is highly likely given the ease of access and public tools.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Use **Nuclei** templates (provided in references) to scan for the `/h/rest` endpoint anomalies.…
**No Patch Workaround**: Block external access to the `/h/rest` endpoint via **WAF** or **Firewall** rules. Restrict access to the Zimbra web interface to trusted IPs only.…
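An added example, not part of the original summary and not Zimbra or Nuclei code: a log check for the workaround above that lists `/h/rest` requests arriving from outside trusted networks, with the response status showing whether the block took effect. The trusted CIDR ranges, the combined log format of the fronting proxy, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: networks allowed to reach the web interface (placeholder ranges).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Combined-log-format prefix: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_rest_path(target):
    """True if the request path is /h/rest or below it, after light normalisation."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    # Drop empty segments (duplicate slashes) and ';' path parameters.
    segs = [s.split(";")[0] for s in path.split("/") if s]
    return segs[:2] == ["h", "rest"]

def external_rest_hits(lines, trusted=TRUSTED_NETS):
    """Return (client, status, target) for /h/rest requests from untrusted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_rest_path(m["target"]):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
            internal = any(ip in net for net in trusted)
        except ValueError:
            internal = False  # unparseable client field: treat as untrusted
        if not internal:
            hits.append((m["ip"], int(m["status"]), m["target"]))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.1.2.3 - - [01/Jan/2025:10:00:00 +0000] "GET /h/rest HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /h/rest HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2025:10:00:09 +0000] "GET //h/rest/ HTTP/1.1" 403 0',
    '203.0.113.7 - - [01/Jan/2025:10:00:12 +0000] "GET /h/search HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, target in external_rest_hits(SAMPLE_LOG):
        state = "REACHABLE" if status < 400 else "blocked"
        print(f"{client} {target} -> {status} ({state})")
```

A 2xx or 3xx status on a flagged line means the endpoint is still reachable from outside the trusted ranges; a 403 indicates the WAF or firewall rule is in effect.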
**Urgency**: **HIGH**. **Priority**: **P1**. Unauthenticated LFI in a major email platform is a critical risk. **Recommendation**: Patch immediately or apply strict network controls. Do not ignore this!