Lucene search
HistoryJun 04, 2014 - 2:55 p.m.
CVE-2012-5336
cve-2012-5336
owncloud
session variable
file reading
webdav
vulnerability
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.7%
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
Affected configurations
Node
owncloudowncloudRange≤4.0.7
ORowncloudowncloudMatch4.0.0
ORowncloudowncloudMatch4.0.1
ORowncloudowncloudMatch4.0.2
ORowncloudowncloudMatch4.0.3
ORowncloudowncloudMatch4.0.4
ORowncloudowncloudMatch4.0.5
ORowncloudowncloudMatch4.0.6
Related
ubuntucve
ubuntucve
CVE-2012-5336
2014-06-04 00:00:00
prion
prion
Open redirect
2014-06-04 14:55:00
nvd
nvd
CVE-2012-5336
2014-06-04 14:55:03
cvelist
cvelist
CVE-2012-5336
2014-06-04 14:00:00
owncloud
owncloud
Server: Auth bypass in /lib/base.php
2012-08-10 11:42:22
Auth bypass in /lib/base.php - ownCloud
2012-08-10 17:09:56
openvas
openvas
ownCloud Multiple Vulnerabilities-01 (Jul 2014)
2014-07-03 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.7%
Related for CVE-2012-5336