CVE-2004-2576 - Griseous Stellers Sea Cow
Description
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users’ home-directory files which allows remote attackers to obtain sensitive information from these files.
Reference
https://savannah.gnu.org/bugs/?func=detailitem&item_id=8359 http://www.osvdb.org/7617 https://exchange.xforce.ibmcloud.com/vulnerabilities/19195