CVE-2014-5447

medium

Description

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

References

http://www.securityfocus.com/bid/69362

http://www.mandriva.com/security/advisories?name=MDVSA-2014:182

http://seclists.org/oss-sec/2014/q3/445

http://seclists.org/oss-sec/2014/q3/444

http://advisories.mageia.org/MGASA-2014-0380.html

Details

Source: Mitre, NVD

Published: 2014-10-20

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium