[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE's concerning mod_php on 8.7.0



Unless you're doing something silly, like exposing the httpd ports (7780 and 7047, for convertd and aspell) publicly, this should affect about 0% of of zimbra installs. :) The only thing mod_php is used for is the spell check feature in ZWC.

Tony


From: "Pablo E Garaitonandia" <peg11@psu.edu>
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Tuesday, September 6, 2016 1:37:13 PM
Subject: CVE's concerning mod_php on 8.7.0

Folks,
    8.7.0 has some critical CVE's in regards to the php module installed. I have included all the info we found on a scan in this bug. Please vote if interested. 

https://bugzilla.zimbra.com/show_bug.cgi?id=106580

Regards,
Pablo Garaitonandia
Penn State University