Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zarafa zarafa 7.1.10 |
||
zarafa webapp 1.6 |