Lucene search
HistoryMar 14, 2014 - 4:55 p.m.
CVE-2014-2047
cve
2014
2047
session fixation
owncloud
vulnerability
remote attackers
hijack
web sessions
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.5%
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.
Affected configurations
Node
owncloudowncloudRange≤6.0.1
ORowncloudowncloudMatch6.0.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud:owncloud | owncloud | le | 6.0.1 |
| owncloud:owncloud | owncloud | eq | 6.0.0 |
Related
ubuntucve
ubuntucve
CVE-2014-2047
2014-03-14 00:00:00
prion
prion
Session fixation
2014-03-14 16:55:00
openvas
openvas
ownCloud Session Fixation Vulnerability
2014-05-06 00:00:00
cvelist
cvelist
CVE-2014-2047
2014-03-14 16:00:00
owncloud
owncloud
Session Fixation - ownCloud
2014-07-03 18:17:28
Server: Session Fixation
2014-07-03 02:00:00
Server: Insecure Flash Cross Domain policies
2014-07-03 02:00:00
nvd
nvd
CVE-2014-2047
2014-03-14 16:55:05
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.5%
Related for CVE-2014-2047