CVE-2014-5447
Zarafa WebApp 1.6 beta - Exposure of Sensitive Information via Weak config.php Permissions
Title source: llmDescription
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/444
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69362
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0380.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q3/445
Scores
EPSS
0.0037
EPSS Percentile
29.0%
Details
CWE
CWE-200
Status
published
Products (2)
zarafa/webapp
1.6
zarafa/zarafa
7.1.10
Published
Oct 20, 2014
Tracked Since
Feb 18, 2026