[原文]class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
phpGroupWare class.vfs_dav.inc.php Home Directory .htaccess Creation Failure
Remote / Network Access
Loss of Confidentiality
phpGroupWare contains a flaw that may allow a remote attacker to bypass authentication settings. The problem is that the 'class.vfs_dav.inc.php' script does not properly create a '.htacess' file when creating a home user directory, which could allow a remote attacker to gain access to restricted pages resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.