Published: 29/07/2014 Updated: 04/11/2015

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

WebAccess in Zarafa prior to 7.1.10 and WebApp prior to 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject fedora 19
zarafa zarafa 7.0.10
zarafa zarafa 7.0.12
zarafa zarafa 7.0.7
zarafa zarafa 7.0.9
zarafa webapp
zarafa zarafa
zarafa zarafa 7.0
zarafa zarafa 7.0.1
zarafa zarafa 7.1.1
zarafa zarafa 7.0.2
zarafa zarafa 7.0.3
zarafa zarafa 7.0.4
zarafa zarafa 7.0.5
zarafa zarafa 7.1.2
zarafa zarafa 7.1.3
zarafa zarafa 7.1.4
fedoraproject fedora 20
zarafa zarafa 7.0.11
zarafa zarafa 7.0.13
zarafa zarafa 7.0.6
zarafa zarafa 7.0.8
zarafa zarafa 7.1.0
zarafa zarafa 7.1.8

CWE-310 http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html http://www.securityfocus.com/bid/68247 https://bugzilla.redhat.com/show_bug.cgi?id=1073618 http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html http://advisories.mageia.org/MGASA-2014-0380.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-0103

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect