eGroupWare Web server unspecified

egroupware-webserver-unspecified (42141) The risk level is classified as LowLow Risk

Description:

Multiple unspecified vulnerabilities in eGroupWare, related to the Web server having directory write access in the Web document root, have an unknown impact and unknown attack vector.

Platforms Affected:

  • eGroupWare, eGroupWare 1.4.001
  • eGroupWare, eGroupWare 1.4.002
  • eGroupWare, eGroupWare 1.4.003
  • Gentoo, Linux

Remedy:

Upgrade to the latest version of eGroupWare (1.4.004 or later), available from the eGroupWare Web page. See References.

Consequences:

Other

References:

  • eGroupWare Web page, eGroupWare 1.4.004 FCKeditor update & security release at http://www.egroupware.org/.
  • BID-28817: eGroupWare Unspecified Arbitrary File Upload Vulnerability
  • CVE-2008-2041: Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and grave impact when the web server has write access to a directory under the web document root.
  • GLSA-200805-04: eGroupWare: Multiple vulnerabilities
  • SA29790: eGroupWare File Upload Vulnerability

Reported:

Apr 30, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page