CVE-2014-5447 in WebAccessinfo

Summary

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

08/25/2014

Disclosure

10/20/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
72480	Zarafa WebAccess config.php information disclosure	200	Not defined	Not defined	CVE-2014-5447

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸