Zimbra Collaboration Suite Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Zimbra Collaboration Suite (ZCS) versions prior to 9.0.0 Patch 46, 10.0.x prior to 10.0.15, and 10.1.x prior to 10.1.9. The vulnerability arises from improper handling of request paths that contain an excessive number of comma-separated segments, in both the Webmail interface and the Admin Console. An unauthenticated remote attacker can exploit this issue by sending specially crafted GET requests; each such request triggers redundant processing and an inflated response, leading to uncontrolled resource consumption and service disruption.
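Because the advisory describes the request shape (a GET whose path carries an excessive run of comma-separated segments) but no fix for the detection side, the following is an added example, not Zimbra code or anything from the advisory, that scans combined-format access-log lines for that shape and summarises hits per client. The URL prefixes `/zimbra/` and `/zimbraAdmin/`, the threshold of 20 segments, and the sample log lines are all assumptions for illustration; the advisory gives no paths or counts, so tune both against your own baseline before alerting on them.

```python
"""Flag GET requests whose path carries an excessive number of comma-separated
segments. Added example for log-based detection; not Zimbra code."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed URL prefixes for the Webmail and Admin Console interfaces (adjust to your deployment).
WATCHED_PREFIXES = ("/zimbra/", "/zimbraAdmin/")
# Assumed threshold; the advisory gives no number. Tune against normal traffic first.
DEFAULT_THRESHOLD = 20

# Combined log format: client ident user [time] "method path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def comma_segments(path: str) -> int:
    """Count comma-separated segments in the path, ignoring the query string.
    The path is percent-decoded first so that %2C counts as a comma too."""
    path = unquote(path.split("?", 1)[0])
    return path.count(",") + 1


def find_suspicious_requests(log_text, threshold=DEFAULT_THRESHOLD, prefixes=WATCHED_PREFIXES):
    """Return one finding per GET request under a watched prefix whose path has
    at least `threshold` comma-separated segments."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        if m["method"] != "GET" or not m["path"].startswith(prefixes):
            continue
        n = comma_segments(m["path"])
        if n >= threshold:
            findings.append({
                "client": m["client"],
                "path": m["path"],
                "segments": n,
                "bytes": 0 if m["bytes"] == "-" else int(m["bytes"]),
            })
    return findings


def per_client_totals(findings):
    """Aggregate flagged requests and response bytes per client address, which is
    what you would rate-limit or block on."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for f in findings:
        totals[f["client"]]["requests"] += 1
        totals[f["client"]]["bytes"] += f["bytes"]
    return dict(totals)


# Constructed sample lines (not real traffic). Line 2 carries 70 commas (71 segments);
# line 4 carries 30 percent-encoded commas (31 segments); line 3 is benign.
SAMPLE_LOG = "\n".join([
    '203.0.113.5 - - [09/Jul/2025:17:36:01 +0000] "GET /zimbra/ HTTP/1.1" 200 5120',
    '203.0.113.5 - - [09/Jul/2025:17:36:02 +0000] "GET /zimbra/' + "," * 70 + ' HTTP/1.1" 200 81920',
    '198.51.100.7 - - [09/Jul/2025:17:36:03 +0000] "GET /zimbraAdmin/a,b,c HTTP/1.1" 200 4096',
    '198.51.100.7 - - [09/Jul/2025:17:36:04 +0000] "GET /zimbraAdmin/' + "%2C" * 30 + ' HTTP/1.1" 200 40960',
    '198.51.100.7 - - [09/Jul/2025:17:36:05 +0000] "POST /service/soap HTTP/1.1" 200 512',
])

if __name__ == "__main__":
    hits = find_suspicious_requests(SAMPLE_LOG)
    for h in hits:
        print(f'{h["client"]}: {h["segments"]} segments, {h["bytes"]} bytes, {h["path"][:40]}...')
    print(per_client_totals(hits))
```

Counting segments after percent-decoding matters: a request that encodes its commas as `%2C` is the same request to the application but would slip past a rule that only counts literal commas. Response size is carried along because the advisory describes inflated responses, so the byte total per client is a useful second signal when the segment threshold alone is noisy.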

Impact

Exploitation of this vulnerability causes uncontrolled resource consumption on the affected server, resulting in a denial of service for the Webmail and Admin Console interfaces.

Remediation

Upgrade to ZCS 9.0.0 Patch 46, ZCS 10.0.15, or ZCS 10.1.9, whichever matches the installed branch; all three include the fix. Upgrade instructions are available on the Zimbra website.
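The fixed releases above are expressed differently per branch (a patch level for 9.0.0, a third version component for 10.0.x and 10.1.x), which is easy to get wrong in an inventory script. The following added example, not code from Zimbra or from this advisory, encodes exactly the three conditions the advisory states and returns `None` for branches the advisory does not mention, so that an unlisted branch is surfaced for manual review rather than silently marked safe. The input format (a dotted version string plus a separate integer patch level) is an assumption; map your inventory's fields onto it.

```python
"""Classify an installed ZCS version against the fixed releases named in the
advisory. Added example; input format is assumed, not Zimbra's own."""
from typing import Optional

# Fixed releases from the advisory, keyed by (major, minor) branch.
# 9.0 is fixed at patch level 46; 10.0 and 10.1 are fixed at a third component.
FIXED_PATCH_LEVEL = {(9, 0): 46}
FIXED_THIRD_COMPONENT = {(10, 0): 15, (10, 1): 9}


def parse_version(version: str) -> tuple:
    """Turn '10.0.14' into (10, 0, 14). Raises ValueError on anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected major.minor.build, got {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, patch_level: Optional[int] = None) -> Optional[bool]:
    """True if the advisory lists this version as affected, False if it is at or
    past the fixed release, None if the branch is outside the advisory's scope."""
    major, minor, third = parse_version(version)
    branch = (major, minor)

    if branch in FIXED_PATCH_LEVEL:
        if third != 0:
            return None  # advisory only names 9.0.0; other 9.0.x builds are out of scope
        if patch_level is None:
            raise ValueError("9.0.0 needs a patch level to classify (fixed at Patch 46)")
        return patch_level < FIXED_PATCH_LEVEL[branch]

    if branch in FIXED_THIRD_COMPONENT:
        return third < FIXED_THIRD_COMPONENT[branch]

    return None  # e.g. 8.8.x: not covered by the advisory, review manually


if __name__ == "__main__":
    # Constructed inventory rows, not real hosts.
    inventory = [("mail1", "10.0.14", None), ("mail2", "10.1.9", None),
                 ("mail3", "9.0.0", 45), ("legacy", "8.8.15", None)]
    for host, ver, patch in inventory:
        state = {True: "VULNERABLE", False: "fixed", None: "out of scope"}[is_vulnerable(ver, patch)]
        print(f"{host}: {ver}" + (f" P{patch}" if patch is not None else "") + f" -> {state}")
```

Returning three states instead of a boolean is deliberate: a host on 8.8.x is not "not vulnerable", it is simply not addressed by this advisory, and an inventory report should say so.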

Added: Jul 9, 2025, 5:36 PM
Updated: Jul 9, 2025, 5:36 PM

Vulnerability Rating

Custom Algorithm
spread           3.4
impact           2.5
exploitability   7.6
remediation      7.7
relevance        0.2
threat           0.0
urgency          2.9
incentive        5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.