Lucene search
HistoryFeb 04, 2015 - 6:59 p.m.
CVE-2014-9044
cve-2014-9044
asset pipeline
owncloud 7.x
md5 hash
remote attackers
sensitive information
brute force attack
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.6%
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.
Affected configurations
Node
owncloudowncloudMatch7.0.0
ORowncloudowncloudMatch7.0.1
ORowncloudowncloudMatch7.0.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud:owncloud | owncloud | eq | 7.0.0 |
| owncloud:owncloud | owncloud | eq | 7.0.1 |
| owncloud:owncloud | owncloud | eq | 7.0.2 |
Related
openvas
openvas
owncloud
owncloud
Local Path Disclosure when using Asset Pipeline - ownCloud
2014-11-25 18:36:53
Server: Local Path Disclosure when using Asset Pipeline
2014-11-25 15:00:00
cvelist
cvelist
CVE-2014-9044
2015-02-04 18:00:00
nvd
nvd
CVE-2014-9044
2015-02-04 18:59:04
prion
prion
Information disclosure
2015-02-04 18:59:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.6%
Related for CVE-2014-9044