CVE-2014-9465

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.

senddocument.php en Zarafa WebApp anterior a 2.0 beta 3 y WebAccess en Zarafa Collaboration Platform (ZCP) 7.x anterior a 7.1.12 beta 1 y 7.2.x anterior a 7.2.0 beta 1 permite a atacantes remotos causar una denegación de servicio (consumo de disco /tmp) mediante la subida de un número grande de ficheros.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-01-03 CVE Reserved
2015-02-10 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2024-08-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-399: Resource Management Errors

CAPEC

References (11)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2015-0049.html	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2014/12/07/2	Mailing List
http://www.openwall.com/lists/oss-security/2015/01/03/10	Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1139442	X_refsource_confirm
https://jira.zarafa.com/browse/ZCP-12596	X_refsource_confirm

URL	Date	SRC
http://security.robert-scheck.de/cve-2014-9465-zarafa	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt	2016-04-07
http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt	2016-04-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html	2016-04-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html	2016-04-07
http://www.mandriva.com/security/advisories?name=MDVSA-2015:040	2016-04-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				20 Search vendor "Fedoraproject" for product "Fedora" and version "20"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				21 Search vendor "Fedoraproject" for product "Fedora" and version "21"		-		Affected
Zarafa Search vendor "Zarafa"		Webapp Search vendor "Zarafa" for product "Webapp"				<= 2.0 Search vendor "Zarafa" for product "Webapp" and version " <= 2.0"		beta2		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.0 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.0"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.1 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.1"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.2 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.2"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.3 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.3"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.4 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.4"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.5 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.5"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.6 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.6"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.7 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.7"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.8 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.8"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.9 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.9"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.10 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.10"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.11 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.11"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.12 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.12"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.0.13 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.0.13"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.0 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.0"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.1 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.1"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.2 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.2"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.3 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.3"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.4 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.4"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.5 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.5"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.6 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.6"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.7 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.7"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.8 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.8"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.9 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.9"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.10 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.10"		-		Affected
Zarafa Search vendor "Zarafa"		Zarafa Collaboration Platform Search vendor "Zarafa" for product "Zarafa Collaboration Platform"				7.1.11 Search vendor "Zarafa" for product "Zarafa Collaboration Platform" and version "7.1.11"		-		Affected