oss-sec mailing list archives
Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp
From: cve-assign () mitre org
Date: Sat, 3 Jan 2015 17:12:22 -0500 (EST)
On Sun, 7 Dec 2014, Robert Scheck wrote:
I discovered a flaw in Zarafa WebAccess >= 7.0.0 and Zarafa WebApp (any version) that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. Depending on the setup, /tmp might be on / (e.g. RHEL). Zarafa WebApp is a fork and the successor of the Zarafa WebAccess. The affected files are /usr/share/zarafa-webaccess/senddocument.php as well as /usr/share/zarafa-webapp/senddocument.php. The default upload size is 30 MB (via /etc/httpd/conf.d/zarafa-webaccess.conf / zarafa-webapp.conf).
Use CVE-2014-9465.

---
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]