Summary
Zarafa WebAccess is prone to a denial-of-service vulnerability.
Impact
Remote attackers can exploit this issue to cause denial-of-service conditions.
Solution
Delete the file '/senddocument.php' (It's neither referenced nor used anywhere) or update to 7.2.0 beta 1 (SVN 47004).
Insight
A flaw in Zarafa WebAccess could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. Depending on the setup /tmp might be on / (e.g. RHEL).
Affected
Zarafa WebAccess >= 7.0.0 - < 7.2.0 beta 1 (SVN 47004)
Detection
Check for the existence of /senddocument.php
References
Updated on 2015-03-25