Zarafa WebAccess Denial Of Service Vulnerability Network Vulnerability

Summary

Zarafa WebAccess is prone to a denial-of-service vulnerability.

Impact

Remote attackers can exploit this issue to cause denial-of-service conditions.

Solution

Delete the file '/senddocument.php' (It's neither referenced nor used anywhere) or update to 7.2.0 beta 1 (SVN 47004).

Insight

A flaw in Zarafa WebAccess could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. Depending on the setup /tmp might be on / (e.g. RHEL).

Affected

Zarafa WebAccess >= 7.0.0 - < 7.2.0 beta 1 (SVN 47004)

Detection

Check for the existence of /senddocument.php

References

https://bugzilla.redhat.com/show_bug.cgi?id=1139442

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Allaire JRun directory browsing vulnerability
Apple Safari Multiple Vulnerabilities
AMSI 'file' Parameter Directory Traversal Vulnerability
/cgi-bin directory browsable ?
Apache Tomcat Information Disclosure Vulnerability

Zarafa WebAccess Denial of Service Vulnerability

Take action and discover your vulnerabilities