Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/95890 | |
https://bugzilla.zimbra.com/show_bug.cgi?id=104294 | Issue Tracking Third Party Advisory |
https://bugzilla.zimbra.com/show_bug.cgi?id=104456 | Issue Tracking Third Party Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 | Release Notes |
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-18T22:00:00
Updated: 2017-02-01T10:57:01
Reserved: 2016-03-17T00:00:00
Link: CVE-2016-3406
NVD Information
Status: Modified
Published: 2017-01-18T22:59:00.343
Modified: 2020-06-04T12:10:27.500
Link: CVE-2016-3406
Redhat Information
No data.
CWE