This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Zarafa First view 2014-07-29
Product Webapp Last view 2015-02-19
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:zarafa:webapp

Activity : Overall

Related : CVE

  Date Alert Description
5 2015-02-19 CVE-2014-9465

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.

2.1 2014-10-20 CVE-2014-5449

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.

2.1 2014-07-29 CVE-2014-0103

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-399 Resource Management Errors
33% (1) CWE-310 Cryptographic Issues
33% (1) CWE-200 Information Exposure

Nessus® Vulnerability Scanner

id Description
2015-04-28 Name: The remote Fedora host is missing a security update.
File: fedora_2015-5823.nasl - Type: ACT_GATHER_INFO
2015-04-28 Name: The remote Fedora host is missing a security update.
File: fedora_2015-5864.nasl - Type: ACT_GATHER_INFO
2015-02-11 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-040.nasl - Type: ACT_GATHER_INFO
2014-09-25 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2014-182.nasl - Type: ACT_GATHER_INFO
2014-09-03 Name: The remote Fedora host is missing a security update.
File: fedora_2014-9768.nasl - Type: ACT_GATHER_INFO
2014-08-30 Name: The remote Fedora host is missing a security update.
File: fedora_2014-9754.nasl - Type: ACT_GATHER_INFO
2014-07-28 Name: The remote Fedora host is missing a security update.
File: fedora_2014-7889.nasl - Type: ACT_GATHER_INFO
2014-07-28 Name: The remote Fedora host is missing a security update.
File: fedora_2014-7896.nasl - Type: ACT_GATHER_INFO