CVE-2014-0103
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0008 (0.1%)
Percentil: 22.3%
EPSS: 2026-05-06
Afecta
zarafa:webappzarafa:zarafafedoraproject:fedoraDescripción técnica
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Publicada: 29/7/2014, 14:55:04
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://advisories.mageia.org/MGASA-2014-0380.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
- http://www.securityfocus.com/bid/68247
- https://bugzilla.redhat.com/show_bug.cgi?id=1073618
- http://advisories.mageia.org/MGASA-2014-0380.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html