What important aspects of Zimbra's architecture are relevant for vulnerability debugging?
Zimbra uses the Jetty framework as its web container and compiles JSP files into Java files stored under /opt/zimbra/jetty_base/work/zimbra/jsp/. A JspServletWrapper instance is registered for each accessed JSP. These can be enumerated via reflection using request scope and ConcurrentHashMap, which is useful for understanding JSP handling and potential attack surfaces during vulnerability research.
---
**Related reading:**
- Setting up Zimbra Vulnerability Debugging Environment — original article
- Windows Shellcode Study Notes - Extraction and Testing of Shellcode
- Penetration Techniques - Enabling Anonymous Access Shares on Windows Systems via Command Line
- Penetration Technique: Python Implementation of Exchange PowerShell
---
**Related reading:**
- Setting up Zimbra Vulnerability Debugging Environment — original article
- Windows Shellcode Study Notes - Extraction and Testing of Shellcode
- Penetration Techniques - Enabling Anonymous Access Shares on Windows Systems via Command Line
- Penetration Technique: Python Implementation of Exchange PowerShell
ZimbraJettyJSPJspServletWrapperreflectionvulnerability debugging