Zarafa WebApp Denial Of Service Vulnerability Network Vulnerability

Summary

Zarafa WebApp is prone to a denial-of-service vulnerability.

Impact

Remote attackers can exploit this issue to cause denial-of-service conditions.

Solution

Delete the file '/senddocument.php' (It's neither referenced nor used anywhere) or update to 2.0 beta 3 (SVN 46848).

Insight

A flaw in Zarafa WebApp could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. Depending on the setup /tmp might be on / (e.g. RHEL).

Affected

Zarafa WebApp < 2.0 beta 3 (SVN 46848)

Detection

Check for the existence of /senddocument.php

References

https://bugzilla.redhat.com/show_bug.cgi?id=1139442

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability

Zarafa WebApp Denial of Service Vulnerability

Take action and discover your vulnerabilities