CVE-2014-5447

Zarafa WebApp 1.6 beta - Exposure of Sensitive Information via Weak config.php Permissions

Title source: llm
STIX 2.1

Description

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/444
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69362
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0380.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/445

Scores

EPSS 0.0037
EPSS Percentile 29.0%

Details

CWE
CWE-200
Status published
Products (2)
zarafa/webapp 1.6
zarafa/zarafa 7.1.10
Published Oct 20, 2014
Tracked Since Feb 18, 2026