Summary
Zarafa WebApp is prone to a denial-of-service vulnerability.
Impact
Remote attackers can exploit this issue to cause denial-of-service conditions.
Solution
Delete the file '/senddocument.php' (it is neither referenced nor used anywhere) or update to 2.0 beta 3 (SVN 46848).
Insight
A flaw in Zarafa WebApp could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. Depending on the setup, /tmp might be on the root filesystem (/), e.g. on RHEL.
Affected
Zarafa WebApp < 2.0 beta 3 (SVN 46848)
Detection
Check for the existence of /senddocument.php.
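A local version of this check for administrators, as an added example (not part of the original advisory or of Zarafa's code): it searches a web root for senddocument.php and reports whether /tmp shares a filesystem with /, the case the Insight section describes. The function names and the web root argument are assumptions; no default install path is assumed.

```shell
#!/bin/sh
# Added example: local audit for the stray senddocument.php file.
# Usage: sh audit.sh /path/to/webroot   (path supplied by the administrator)

# Print every senddocument.php found under the given directory.
find_senddocument() {
    find "$1" -type f -name 'senddocument.php' 2>/dev/null
}

# Print the mount point that holds the given path (last field of df -P).
mount_point_of() {
    df -P "$1" 2>/dev/null | awk 'NR==2 {print $NF}'
}

# Return 0 when both paths resolve to the same mount point.
same_filesystem() {
    a=$(mount_point_of "$1")
    b=$(mount_point_of "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Return 0 when the web root is clean, 1 when the file is present.
audit_webapp() {
    webroot=$1
    tmpdir=${2:-/tmp}
    hits=$(find_senddocument "$webroot")
    if [ -z "$hits" ]; then
        echo "OK: no senddocument.php under $webroot"
        return 0
    fi
    echo "FOUND: delete the following file(s) or update the WebApp:"
    echo "$hits"
    if same_filesystem "$tmpdir" /; then
        echo "WARNING: $tmpdir is on the root filesystem; filling it fills /"
    else
        echo "NOTE: $tmpdir is on its own filesystem"
    fi
    return 1
}

# Run the audit only when a web root was given on the command line.
if [ $# -gt 0 ]; then
    audit_webapp "$@"
fi
```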
Updated on 2015-03-25
Severity
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P