Lucene search

[email protected]CVE-2012-2270

HistoryApr 20, 2012 - 10:55 a.m.

CVE-2012-2270

2012-04-2010:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2012-2270

open redirect

index.php

owncloud

web security

phishing

nvd

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.017 Low

EPSS

Percentile

87.6%

JSON

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

CPENameOperatorVersion
owncloud:owncloudowncloudeq3.0.0
owncloud:owncloudowncloudle3.0.2
owncloud:owncloudowncloudeq3.0.1

CPE	Name	Operator	Version
owncloud:owncloud	owncloud	eq	3.0.0
owncloud:owncloud	owncloud	le	3.0.2
owncloud:owncloud	owncloud	eq	3.0.1

References

archives.neohapsis.com/archives/bugtraq/2012-04/0127.html

osvdb.org/81211

owncloud.org/security/advisories/CVE-2012-2270/

packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html

secunia.com/advisories/48850

www.openwall.com/lists/oss-security/2012/08/11/1

www.openwall.com/lists/oss-security/2012/09/02/2

www.securityfocus.com/bid/53145

www.tele-consulting.com/advisories/TC-SA-2012-01.txt

exchange.xforce.ibmcloud.com/vulnerabilities/75029

6.7 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.017 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2012-2270

ubuntucve1 prion1 cvelist1 securityvulns2 packetstorm1 openvas1