Lucene search

FreeBSD3166222B-C6A4-11E5-96D6-14DAE9D210B8

HistoryDec 23, 2015 - 12:00 a.m.

owncloud -- multiple vulnerabilities

2015-12-2300:00:00

vuxml.freebsd.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:N/A:C

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

0.004 Low

EPSS

Percentile

75.0%

JSON

Owncloud reports:

Reflected XSS in OCS provider discovery
(oC-SA-2016-001)
Information Exposure Through Directory Listing in the
file scanner (oC-SA-2016-002)
Disclosure of files that begin with “.v” due to
unchecked return value (oC-SA-2016-003)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchowncloud< 8.2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	owncloud	< 8.2.2	UNKNOWN

References

owncloud.org/blog/owncloud-8-2-2-8-1-5-8-0-10-and-7-0-12-here-with-sharing-ldap-fixes/

owncloud.org/security/advisory/?id=oc-sa-2016-001

owncloud.org/security/advisory/?id=oc-sa-2016-002

owncloud.org/security/advisory/?id=oc-sa-2016-003

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:N/A:C

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for 3166222B-C6A4-11E5-96D6-14DAE9D210B8