ID CVE-2012-4392Type cveReporter NVDModified 2012-09-13T00:00:00
Description
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
{"reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 6.8}, "vulnersScore": 6.8}, "published": "2012-09-05T19:55:02", "cvelist": ["CVE-2012-4392"], "title": "CVE-2012-4392", "objectVersion": "1.2", "type": "cve", "hash": "d169ea7dbef6523cdd973b5108fc27a7e0298e1629df3d7216f0852d99da2cd9", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4392", "bulletinFamily": "NVD", "id": "CVE-2012-4392", "history": [], "scanner": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "modified": "2012-09-13T00:00:00", "viewCount": 1, "cpe": ["cpe:/a:owncloud:owncloud:4.0.7"], "edition": 1, "description": "index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.", "references": ["http://www.openwall.com/lists/oss-security/2012/09/02/2", "http://www.openwall.com/lists/oss-security/2012/08/11/1", "https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a"], "lastseen": "2016-09-03T17:02:12", "assessment": {"system": "", "name": "", "href": ""}}
{"owncloud": [{"lastseen": "2018-01-11T22:53:27", "references": [], "description": "index.php before ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.\n\n### Affected Software\n\n * ownCloud Server < **4.0.7** (CVE-2012-4392)\n\n### Action Taken\n\nIt is recommended that all instances are upgraded to ownCloud Server 4.0.7.\n\n### Acknowledgements\n\nThe ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:\n\n * Julien Cayssol - Vulnerability discovery and disclosure.\n", "edition": 1, "reporter": "Julien Cayssol \u2013 Vulnerability discovery and disclosure.", "published": "2012-07-10T17:18:01", "type": "owncloud", "title": "Auth bypass in index.php - ownCloud", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "affectedSoftware": [{"name": "ownCloud Server", "version": "4.0.7", "operator": "lt"}], "bulletinFamily": "software", "cvelist": ["CVE-2012-4392"], "modified": "2018-01-03T17:18:34", "href": "https://owncloud.org/security/advisories/auth-bypass-index-php/", "id": "OWNCLOUD:35476A47608569B13CE031AD08D716F1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T21:06:29", "references": [], "edition": 1, "description": "index.php before ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.\n\n \n\n\n* * *\n\n**[For more information please consult the official advisory.](<https://owncloud.org/security/advisory/?id=oC-SA-2012-015>)**\n\n\nThis advisory is licensed [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/)", "reporter": "ownCloud", "published": "2012-07-10T11:42:22", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "owncloud", "title": "Server: Auth bypass in index.php", "bulletinFamily": "software", "affectedSoftware": [{"name": "ownCloud Server", "version": "4.0.7", "operator": "lt"}], "cvelist": ["CVE-2012-4392"], "modified": "2012-07-10T11:42:22", "id": "OC-SA-2012-015", "href": "https://owncloud.org/security/advisory/?id=oC-SA-2012-015", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
