Published: Febru3:15:09 PM -0500

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.

IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service.

In Eclipse Jetty versions 9.4.0 thru 9.4.46, 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

In the Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests.

In Eclipse Jetty versions 10.0.0 thru 10.0.9 and 11.0.0 thru 11.0.9, SslConnection does not release ByteBuffers from the configured ByteBufferPool in case of error code paths.

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.

I've got a user with the same problem as well, the AJAX version of Zimbra won't load on IE10 running on Windows 8. We're currently running ZCS 7.1.4 network edition. Unsure whether it's 32 or 64 bit off hand, if that comes into play let me know and I'll provide the additional info.

Looking at the page source, I'm seeing comment blocks where Zimbra is evaluating the browser version; this leads me to assume that there are conditional statements within the interface to address browser differences (which makes a lot of sense given how funky IE has worked in the past). What might be a problem is the fact that these checks stop after IE7. IE7 does not play well with HTML5 and the Open Web Platform, and I know developers had to be creative at times to retain functionality across multiple browsers. With IE10 being more aligned with the direction of the web, it's possible that these creative fixes are now broken in IE10.

I haven't had an opportunity to really play around with IE10 personally, but I've done an extensive amount of work with HTML5 as of late and there's been promotion by Microsoft regarding Windows 8 and IE10's support of the newer web technologies. I'm more of a Mac guy these days, someone who lives and breathes on the Windows platform may be able to provide more insight. Any other web heads who also happen to be a Zimbra admin want to chime in their opinions?