Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zarafa WebAccess和WebApp 信息泄露漏洞
Vulnerability Description
Zarafa是荷兰Zarafa公司的一套商业性协作式软件解决方案,该方案提供了Email和Webmail服务、地址簿和日历等功能。WebAccess和WebApp都是其中的应用软件。 Zarafa WebAccess 7.1.10版本和WebApp 1.6 beta版本中存在安全漏洞,该漏洞源于config.php脚本使用弱权限。本地攻击者可通过读取PHP会话文件利用该漏洞获取敏感信息。(说明:由于CNNVD-201407-329的补丁并没有完整修复该漏洞,在CNNVD-201408-515中仍然存在)
CVSS Information
N/A
Vulnerability Type
N/A