Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for webapp by zarafa
CVE-2014-9465 (GCVE-0-2014-9465)
Vulnerability from nvd – Published: 2015-02-19 15:00 – Updated: 2024-08-06 13:47
VLAI
Summary
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://download.zarafa.com/community/beta/7.1/cha… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
| https://jira.zarafa.com/browse/ZCP-12596 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://security.robert-scheck.de/cve-2014-9465-zarafa/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/12/07/2 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://advisories.mageia.org/MGASA-2015-0049.html | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1139442 | x_refsource_CONFIRM |
| http://download.zarafa.com/community/beta/7.2/cha… | x_refsource_CONFIRM |
Date Public
2014-12-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T20:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2015:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"name": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt",
"refsource": "CONFIRM",
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"name": "https://jira.zarafa.com/browse/ZCP-12596",
"refsource": "CONFIRM",
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"name": "http://security.robert-scheck.de/cve-2014-9465-zarafa/",
"refsource": "MISC",
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0049.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"name": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt",
"refsource": "CONFIRM",
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9465",
"datePublished": "2015-02-19T15:00:00.000Z",
"dateReserved": "2015-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:47:41.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5449 (GCVE-0-2014-5449)
Vulnerability from nvd – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q3/444 | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/69369 | vdb-entryx_refsource_BID |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://seclists.org/oss-sec/2014/q3/445 | mailing-listx_refsource_MLIST |
Date Public
2014-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:48.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0380.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5449",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:48.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5447 (GCVE-0-2014-5447)
Vulnerability from nvd – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q3/444 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/69362 | vdb-entryx_refsource_BID |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://seclists.org/oss-sec/2014/q3/445 | mailing-listx_refsource_MLIST |
Date Public
2014-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:48.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-31T13:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69362"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0380.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5447",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:48.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0103 (GCVE-0-2014-0103)
Vulnerability from nvd – Published: 2014-07-29 14:00 – Updated: 2024-08-06 09:05
VLAI
Summary
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1073618 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/68247 | vdb-entryx_refsource_BID |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2014-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-7889",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
},
{
"name": "68247",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68247"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "FEDORA-2014-7896",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-31T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2014-7889",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
},
{
"name": "68247",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68247"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "FEDORA-2014-7896",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0103",
"datePublished": "2014-07-29T14:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:39.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9465 (GCVE-0-2014-9465)
Vulnerability from cvelistv5 – Published: 2015-02-19 15:00 – Updated: 2024-08-06 13:47
VLAI
Summary
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://download.zarafa.com/community/beta/7.1/cha… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
| https://jira.zarafa.com/browse/ZCP-12596 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://security.robert-scheck.de/cve-2014-9465-zarafa/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/12/07/2 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://advisories.mageia.org/MGASA-2015-0049.html | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1139442 | x_refsource_CONFIRM |
| http://download.zarafa.com/community/beta/7.2/cha… | x_refsource_CONFIRM |
Date Public
2014-12-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T20:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2015:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"name": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt",
"refsource": "CONFIRM",
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"name": "https://jira.zarafa.com/browse/ZCP-12596",
"refsource": "CONFIRM",
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"name": "http://security.robert-scheck.de/cve-2014-9465-zarafa/",
"refsource": "MISC",
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0049.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"name": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt",
"refsource": "CONFIRM",
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9465",
"datePublished": "2015-02-19T15:00:00.000Z",
"dateReserved": "2015-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:47:41.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5447 (GCVE-0-2014-5447)
Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q3/444 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/69362 | vdb-entryx_refsource_BID |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://seclists.org/oss-sec/2014/q3/445 | mailing-listx_refsource_MLIST |
Date Public
2014-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:48.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-31T13:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69362"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0380.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5447",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:48.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5449 (GCVE-0-2014-5449)
Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q3/444 | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/69369 | vdb-entryx_refsource_BID |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://seclists.org/oss-sec/2014/q3/445 | mailing-listx_refsource_MLIST |
Date Public
2014-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:48.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0380.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5449",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:48.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0103 (GCVE-0-2014-0103)
Vulnerability from cvelistv5 – Published: 2014-07-29 14:00 – Updated: 2024-08-06 09:05
VLAI
Summary
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1073618 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/68247 | vdb-entryx_refsource_BID |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2014-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-7889",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
},
{
"name": "68247",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68247"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "FEDORA-2014-7896",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-31T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2014-7889",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
},
{
"name": "68247",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68247"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "FEDORA-2014-7896",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0103",
"datePublished": "2014-07-29T14:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:39.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}