Title: Basilix Webmail Incorrect File Permissions Vulnerability
Severity: MODERATE
Description:
A vulnerability has been reported in basilix webmail v. 0.9.7b.
Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain the authentication information for the MySQL database that the product uses.
These files reside in directories accessible via http. If the webserver is not configured to treat .class and .inc files as PHP scripts,they can be retrieved by remote users.
Properly exploited, this information can allow further attacks on the affected host.
Affected Products:
- Basilix Webmail 0.9.7 beta
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
