| Vulnerability Name: | CVE-2004-2577 (CCN-19135) | ||||||||
| Assigned: | 2004-12-31 | ||||||||
| Published: | 2004-12-31 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2004-2577 Source: OSVDB Type: UNKNOWN 7618 Source: CCN Type: OSVDB ID: 7618 phpGroupWare acl_check Failure Source: CCN Type: phpGroupWare Web site phpGroupWare Source: BID Type: Patch 12237 Source: CCN Type: BID-12237 PHPGroupWare ACL_Check Vulnerability Source: XF Type: UNKNOWN phpgroupware-acl-security-bypass(19135) Source: CCN Type: phpGroupWare - Bugs: Item Detail: 7227 bug #7227 overview: Webdav problem with acl_checks (security problem in some case ?) Source: CONFIRM Type: UNKNOWN https://savannah.gnu.org/bugs/?func=detailitem&item_id=7227 | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||