Vulnerabilities > CVE-2004-2576 - Information Disclosure vulnerability in PHPgroupware 0.9.16.000
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |