What is the severity of CVE-2021-35209?

The severity of CVE-2021-35209 is critical, with a CVSS score of 9.8.

How does CVE-2021-35209 affect Zimbra Collaboration Suite?

CVE-2021-35209 allows the value of the X-Host header to overwrite the value of the Host header in proxied requests in Zimbra Collaboration Suite.

How can I fix CVE-2021-35209 in Zimbra Collaboration Suite?

To fix CVE-2021-35209, upgrade Zimbra Collaboration Suite to version 8.8.15 Patch 23 or 9.0.0 Patch 16.

Vulnerability/
CVE-2021-35209

critical

9.8

CWE

918

2/7/2021

20/9/2021

CVE-2021-35209: SSRF

Q: What is the vulnerability identified as CVE-2021-35209?

CVE-2021-35209 is an issue in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16.

Q: Which versions of Zimbra Collaboration Suite are affected by CVE-2021-35209?

The vulnerability affects Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16.

First published: Fri Jul 02 2021(Updated: )

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting).

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zimbra Collaboration	>=8.8<8.8.15
Zimbra Collaboration	=8.8.15
Zimbra Collaboration	=8.8.15-p1
Zimbra Collaboration	=8.8.15-p10
Zimbra Collaboration	=8.8.15-p11
Zimbra Collaboration	=8.8.15-p12
Zimbra Collaboration	=8.8.15-p13
Zimbra Collaboration	=8.8.15-p14
Zimbra Collaboration	=8.8.15-p15
Zimbra Collaboration	=8.8.15-p16
Zimbra Collaboration	=8.8.15-p17
Zimbra Collaboration	=8.8.15-p18
Zimbra Collaboration	=8.8.15-p19
Zimbra Collaboration	=8.8.15-p2
Zimbra Collaboration	=8.8.15-p3
Zimbra Collaboration	=8.8.15-p4
Zimbra Collaboration	=8.8.15-p5
Zimbra Collaboration	=8.8.15-p6
Zimbra Collaboration	=8.8.15-p7
Zimbra Collaboration	=8.8.15-p8
Zimbra Collaboration	=8.8.15-p9
Zimbra Collaboration	=9.0.0
Zimbra Collaboration	=9.0.0-p1
Zimbra Collaboration	=9.0.0-p10
Zimbra Collaboration	=9.0.0-p11
Zimbra Collaboration	=9.0.0-p12
Zimbra Collaboration	=9.0.0-p2
Zimbra Collaboration	=9.0.0-p3
Zimbra Collaboration	=9.0.0-p4
Zimbra Collaboration	=9.0.0-p5
Zimbra Collaboration	=9.0.0-p6
Zimbra Collaboration	=9.0.0-p7
Zimbra Collaboration	=9.0.0-p8
Zimbra Collaboration	=9.0.0-p9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability identified as CVE-2021-35209?
CVE-2021-35209 is an issue in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16.
What is the severity of CVE-2021-35209?
The severity of CVE-2021-35209 is critical, with a CVSS score of 9.8.
How does CVE-2021-35209 affect Zimbra Collaboration Suite?
CVE-2021-35209 allows the value of the X-Host header to overwrite the value of the Host header in proxied requests in Zimbra Collaboration Suite.
Which versions of Zimbra Collaboration Suite are affected by CVE-2021-35209?
The vulnerability affects Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16.
How can I fix CVE-2021-35209 in Zimbra Collaboration Suite?
To fix CVE-2021-35209, upgrade Zimbra Collaboration Suite to version 8.8.15 Patch 23 or 9.0.0 Patch 16.

collector/nvd-index
vendor/zimbra
canonical/zimbra collaboration
version/zimbra collaboration/8.8
version/zimbra collaboration/8.8.15
version/zimbra collaboration/8.8.15-p1
version/zimbra collaboration/8.8.15-p10
version/zimbra collaboration/8.8.15-p11
version/zimbra collaboration/8.8.15-p12
version/zimbra collaboration/8.8.15-p13
version/zimbra collaboration/8.8.15-p14
version/zimbra collaboration/8.8.15-p15
version/zimbra collaboration/8.8.15-p16
version/zimbra collaboration/8.8.15-p17
version/zimbra collaboration/8.8.15-p18
version/zimbra collaboration/8.8.15-p19
version/zimbra collaboration/8.8.15-p2
version/zimbra collaboration/8.8.15-p3
version/zimbra collaboration/8.8.15-p4
version/zimbra collaboration/8.8.15-p5
version/zimbra collaboration/8.8.15-p6
version/zimbra collaboration/8.8.15-p7
version/zimbra collaboration/8.8.15-p8
version/zimbra collaboration/8.8.15-p9
version/zimbra collaboration/9.0.0
version/zimbra collaboration/9.0.0-p1
version/zimbra collaboration/9.0.0-p10
version/zimbra collaboration/9.0.0-p11
version/zimbra collaboration/9.0.0-p12
version/zimbra collaboration/9.0.0-p2
version/zimbra collaboration/9.0.0-p3
version/zimbra collaboration/9.0.0-p4
version/zimbra collaboration/9.0.0-p5
version/zimbra collaboration/9.0.0-p6
version/zimbra collaboration/9.0.0-p7
version/zimbra collaboration/9.0.0-p8
version/zimbra collaboration/9.0.0-p9

CVE-2021-35209: SSRF

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability identified as CVE-2021-35209?

What is the severity of CVE-2021-35209?

How does CVE-2021-35209 affect Zimbra Collaboration Suite?

Which versions of Zimbra Collaboration Suite are affected by CVE-2021-35209?

How can I fix CVE-2021-35209 in Zimbra Collaboration Suite?

Company

Resources

Contact