Summary
Zarafa WebApp is prone to a denial-of-service vulnerability.
Impact
Remote attackers can exploit this issue to cause denial-of-service conditions.
Solution
Delete the file '/senddocument.php' (It's neither referenced nor used anywhere) or update to 2.0 beta 3 (SVN 46848).
Insight
A flaw in Zarafa WebApp could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. Depending on the setup /tmp might be on / (e.g. RHEL).
Affected
Zarafa WebApp < 2.0 beta 3 (SVN 46848)
Detection
Check for the existence of /senddocument.php
References
Updated on 2015-03-25