CVE-2014-5449

CVE-2014-5449

EPSS 0.4%

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://advisories.mageia.org/MGASA-2014-0380.html http://seclists.org/oss-sec/2014/q3/444 http://seclists.org/oss-sec/2014/q3/445 https://exchange.xforce.ibmcloud.com/vulnerabilities/95453 http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 http://www.securityfocus.com/bid/69369