CVE-2014-5447 Information

Description

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

Reference

http://advisories.mageia.org/MGASA-2014-0380.html http://seclists.org/oss-sec/2014/q3/444 http://seclists.org/oss-sec/2014/q3/445 http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 http://www.securityfocus.com/bid/69362