CVE-2014-5447

Published: Oct 20, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

Affected (2)

Products: Zarafa: Webapp, Zarafa

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zarafa Webapp	Version 1.6
Zarafa Zarafa	Version 7.1.10

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://advisories.mageia.org/MGASA-2014-0380.html

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q3/444

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q3/445

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2014:182

Source: cve@mitre.org

http://www.securityfocus.com/bid/69362

Source: cve@mitre.org

http://advisories.mageia.org/MGASA-2014-0380.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/oss-sec/2014/q3/444

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/oss-sec/2014/q3/445

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2014:182

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69362

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.