CVE-2014-9466 Information

Description

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42 7.6.0 before 7.6.0-rev36 and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions which allows remote authenticated users to read files via unspecified vectors related to the \folder identifier.\

Reference

http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html http://www.securityfocus.com/archive/1/534695/100/0/threaded http://www.securityfocus.com/bid/72587 http://www.securitytracker.com/id/1031744 https://exchange.xforce.ibmcloud.com/vulnerabilities/100867