CVE-2004-2577 - The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behav

CVE-2004-2577

Summary

The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.

References

Vulnerable Configurations

cpe:2.3:a:phpgroupware:phpgroupware:0.9.16rc1:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.16rc1:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.16rc2:*:*:*:*:*:*:*
cpe:2.3:a:phpgroupware:phpgroupware:0.9.16rc2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-09-2008 - 20:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	12237
confirm	https://savannah.gnu.org/bugs/?func=detailitem&item_id=7227
osvdb	7618

Last major update

05-09-2008 - 20:44

Published

31-12-2004 - 05:00

Last modified

05-09-2008 - 20:44