PT-2004-3468 · Phpgroupware · Phpgroupware

Caeies · Published 2004-12-31 · Updated 2008-09-05 · CVE-2004-2577

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

phpGroupWare version 0.9.16RC2

Description

The issue is related to the acl check function, which always returns True, even when mkdir does not behave as expected. This could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files. The exact impacts of this issue are not fully understood and may extend beyond the described scenario.

Recommendations

For phpGroupWare version 0.9.16RC2, as a temporary workaround, consider disabling the acl check function until a patch is available. Restrict access to sensitive information in users' home directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related identifiers

CVE-2004-2577

Affected products

Phpgroupware