Lucene search
HistoryFeb 04, 2015 - 6:59 p.m.
CVE-2014-9044
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.002
Percentile
56.5%
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.
Affected configurations
Node
owncloudowncloudMatch7.0.0
ORowncloudowncloudMatch7.0.1
ORowncloudowncloudMatch7.0.2
Related
owncloud
owncloud
Local Path Disclosure when using Asset Pipeline - ownCloud
2014-11-25 18:36:53
Server: Local Path Disclosure when using Asset Pipeline
2014-11-25 15:00:00
openvas
openvas
prion
prion
Information disclosure
2015-02-04 18:59:00
cvelist
cvelist
CVE-2014-9044
2015-02-04 18:00:00
cve
cve
CVE-2014-9044
2015-02-04 18:59:04
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.002
Percentile
56.5%
Related for NVD:CVE-2014-9044