Lucene search

[email protected]CVE-2014-5447

HistoryOct 20, 2014 - 3:55 p.m.

CVE-2014-5447

2014-10-2015:55:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2014-5447

zarafa

webaccess

webapp

permissions vulnerability

php session files

5.1 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

CPENameOperatorVersion
zarafa:webappzarafa webappeq1.6
zarafa:zarafazarafaeq7.1.10

CPE	Name	Operator	Version
zarafa:webapp	zarafa webapp	eq	1.6
zarafa:zarafa	zarafa	eq	7.1.10

References

advisories.mageia.org/MGASA-2014-0380.html

seclists.org/oss-sec/2014/q3/444

seclists.org/oss-sec/2014/q3/445

www.mandriva.com/security/advisories?name=MDVSA-2014:182

www.securityfocus.com/bid/69362

5.1 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2014-5447

ubuntucve1 prion2 nessus5 securityvulns2 mageia1 openvas9 fedora8 cve1