Basilix Webmail Incorrect File Permissions Vulnerability
BID:2198
Info
Basilix Webmail Incorrect File Permissions Vulnerability
| Bugtraq ID: | 2198 |
| Class: | Configuration Error |
| CVE: |
CVE-2001-1044 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 11 2001 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | Reported to bugtraq by Tamer Sahin <[email protected]> on Thu, 11 Jan 2001 |
| Vulnerable: |
Basilix Webmail 0.9.7 beta |
| Not Vulnerable: | |
Discussion
Basilix Webmail Incorrect File Permissions Vulnerability
A vulnerability has been reported in basilix webmail v. 0.9.7b.
Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain the authentication information for the MySQL database that the product uses.
These files reside in directories accessible via http. If the webserver is not configured to treat .class and .inc files as PHP scripts,they can be retrieved by remote users.
Properly exploited, this information can allow further attacks on the affected host.
A vulnerability has been reported in basilix webmail v. 0.9.7b.
Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain the authentication information for the MySQL database that the product uses.
These files reside in directories accessible via http. If the webserver is not configured to treat .class and .inc files as PHP scripts,they can be retrieved by remote users.
Properly exploited, this information can allow further attacks on the affected host.
References
Basilix Webmail Incorrect File Permissions Vulnerability
References:
References: