Lucene search
HistoryMar 14, 2014 - 4:55 p.m.
CVE-2014-2049
cve-2014-2049
owncloud
flash
cross domain
remote attack
file access
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
60.9%
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
Affected configurations
Node
owncloudowncloudMatch6.0.0
ORowncloudowncloudMatch6.0.1
Node
owncloudowncloudRange≤5.0.14
ORowncloudowncloudMatch3.0.0
ORowncloudowncloudMatch3.0.1
ORowncloudowncloudMatch3.0.2
ORowncloudowncloudMatch3.0.3
ORowncloudowncloudMatch4.0.0
ORowncloudowncloudMatch4.0.1
ORowncloudowncloudMatch4.0.2
ORowncloudowncloudMatch4.0.3
ORowncloudowncloudMatch4.0.4
ORowncloudowncloudMatch4.0.5
ORowncloudowncloudMatch4.0.6
ORowncloudowncloudMatch4.0.7
ORowncloudowncloudMatch4.0.8
ORowncloudowncloudMatch4.0.9
ORowncloudowncloudMatch4.0.10
ORowncloudowncloudMatch4.0.11
ORowncloudowncloudMatch4.0.12
ORowncloudowncloudMatch4.0.13
ORowncloudowncloudMatch4.0.14
ORowncloudowncloudMatch4.0.15
ORowncloudowncloudMatch4.0.16
ORowncloudowncloudMatch4.5.0
ORowncloudowncloudMatch4.5.1
ORowncloudowncloudMatch4.5.2
ORowncloudowncloudMatch4.5.3
ORowncloudowncloudMatch4.5.4
ORowncloudowncloudMatch4.5.5
ORowncloudowncloudMatch4.5.6
ORowncloudowncloudMatch4.5.7
ORowncloudowncloudMatch4.5.8
ORowncloudowncloudMatch4.5.9
ORowncloudowncloudMatch4.5.10
ORowncloudowncloudMatch4.5.11
ORowncloudowncloudMatch4.5.12
ORowncloudowncloudMatch4.5.13
ORowncloudowncloudMatch5.0.0
ORowncloudowncloudMatch5.0.1
ORowncloudowncloudMatch5.0.2
ORowncloudowncloudMatch5.0.3
ORowncloudowncloudMatch5.0.4
ORowncloudowncloudMatch5.0.5
ORowncloudowncloudMatch5.0.6
ORowncloudowncloudMatch5.0.7
ORowncloudowncloudMatch5.0.8
ORowncloudowncloudMatch5.0.9
ORowncloudowncloudMatch5.0.10
ORowncloudowncloudMatch5.0.11
ORowncloudowncloudMatch5.0.12
ORowncloudowncloudMatch5.0.13
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud:owncloud | owncloud | eq | 6.0.0 |
| owncloud:owncloud | owncloud | eq | 6.0.1 |
Related
prion
prion
Cross site scripting
2014-03-14 16:55:00
openvas
openvas
ownCloud Flash Cross-Domain Information Disclosure Vulnerability
2014-05-06 00:00:00
ubuntucve
ubuntucve
CVE-2014-2049
2014-03-14 00:00:00
cvelist
cvelist
CVE-2014-2049
2014-03-14 16:00:00
nvd
nvd
CVE-2014-2049
2014-03-14 16:55:05
owncloud
owncloud
Host Header Poisoning - ownCloud
2014-07-03 18:21:29
Server: Insecure Flash Cross Domain policies
2014-07-03 02:00:00
Server: LDAP injection
2014-07-03 02:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
60.9%
Related for CVE-2014-2049