PT-2014-6478 · Zarafa · Zarafa Webaccess+1

Published

2014-09-22

Updated

2015-11-17

CVE-2014-5447

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Zarafa WebAccess version 7.1.10 Zarafa WebApp version 1.6 beta

Description The issue is related to weak permissions for the config.php file, which allows local users to obtain sensitive information by reading the PHP session files. This problem exists due to an incomplete fix for a previous issue.

Recommendations For Zarafa WebAccess version 7.1.10, consider changing the permissions of the config.php file to prevent local users from reading sensitive information. For Zarafa WebApp version 1.6 beta, adjust the permissions of the config.php file to restrict access to sensitive data.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-5447

MGASA-2014-0380

Affected Products

Zarafa Webaccess

Zarafa Webapp

PT-2014-6478 · Zarafa · Zarafa Webaccess+1

CVE-2014-5447

Weakness Enumeration

Related Identifiers

Affected Products

References · 11