Vulnerability Description
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpgroupware | Phpgroupware | 0.9.16rc1 |
References
- http://www.osvdb.org/7618
- http://www.securityfocus.com/bid/12237 (Patch)
- https://savannah.gnu.org/bugs/?func=detailitem&item_id=7227
FAQ
What is CVE-2004-2577?
CVE-2004-2577 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from us...
How severe is CVE-2004-2577?
CVE-2004-2577 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-2577?
Check the references section above for vendor advisories and patch information. Affected products include: Phpgroupware Phpgroupware.