VDB

GCVE-110-MAGEIA-2014-380

GCVE-110-MAGEIA-2014-380
Advisory Published
Vulnetix · Advisory published September 22, 2014
Updated zarafa packages fix security vulnerabilities: Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server (CVE-2014-0103). Robert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449, CVE-2014-5450).

Affected Products

VendorProductVersionsPlatforms
Mageiazarafa0 (affected), 7.1.11-1.mga4 (unaffected)
Mageiazarafa0 (affected), 7.1.11-1.mga3 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›