ownCloud Cross Site Request Forgery Vulnerability -01 May14
2014-05-05T00:00:00
ID OPENVAS:1361412562310804278 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2020-04-20T00:00:00
Description
This host is installed with ownCloud and is prone to cross-site request
forgery vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
#
# ownCloud Cross Site Request Forgery Vulnerability -01 May14
#
# Authors:
# Shakeel <bshakeel@secpod.com>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:owncloud:owncloud";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.804278");
script_version("2020-04-20T13:31:49+0000");
script_cve_id("CVE-2013-0301");
script_bugtraq_id(58107);
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)");
script_tag(name:"creation_date", value:"2014-05-05 11:20:11 +0530 (Mon, 05 May 2014)");
script_name("ownCloud Cross Site Request Forgery Vulnerability -01 May14");
script_tag(name:"summary", value:"This host is installed with ownCloud and is prone to cross-site request
forgery vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw exists due to insufficient validation of user-supplied input passed
via the 'timezone' POST parameter to settimezone within
/apps/calendar/ajax/settings.");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to conduct cross-site
request forgery attacks.");
script_tag(name:"affected", value:"ownCloud Server before version 4.0.12");
script_tag(name:"solution", value:"Upgrade to ownCloud version 4.0.12 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://seclists.org/oss-sec/2013/q1/378");
script_xref(name:"URL", value:"http://owncloud.org/about/security/advisories/oC-SA-2013-004");
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner");
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Web application abuses");
script_dependencies("gb_owncloud_detect.nasl");
script_mandatory_keys("owncloud/installed");
script_require_ports("Services/www", 80);
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!ownPort = get_app_port(cpe:CPE)){
exit(0);
}
if(!ownVer = get_app_version(cpe:CPE, port:ownPort)){
exit(0);
}
if(version_is_less(version:ownVer, test_version:"4.0.12"))
{
report = report_fixed_ver(installed_version:ownVer, fixed_version:"4.0.12");
security_message(port:ownPort, data:report);
exit(0);
}
{"id": "OPENVAS:1361412562310804278", "type": "openvas", "bulletinFamily": "scanner", "title": "ownCloud Cross Site Request Forgery Vulnerability -01 May14", "description": "This host is installed with ownCloud and is prone to cross-site request\nforgery vulnerability.", "published": "2014-05-05T00:00:00", "modified": "2020-04-20T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804278", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["http://seclists.org/oss-sec/2013/q1/378", "http://owncloud.org/about/security/advisories/oC-SA-2013-004"], "cvelist": ["CVE-2013-0301"], "lastseen": "2020-04-22T17:03:57", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-0301"]}, {"type": "owncloud", "idList": ["OC-SA-2013-004", "OWNCLOUD:91E1ED0CD00191A83BB9CBCCFB368A1E"]}], "modified": "2020-04-22T17:03:57", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-04-22T17:03:57", "rev": 2}, "vulnersScore": 5.2}, "pluginID": "1361412562310804278", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ownCloud Cross Site Request Forgery Vulnerability -01 May14\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804278\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2013-0301\");\n script_bugtraq_id(58107);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:20:11 +0530 (Mon, 05 May 2014)\");\n script_name(\"ownCloud Cross Site Request Forgery Vulnerability -01 May14\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with ownCloud and is prone to cross-site request\nforgery vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw exists due to insufficient validation of user-supplied input passed\nvia the 'timezone' POST parameter to settimezone within\n/apps/calendar/ajax/settings.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct cross-site\nrequest forgery attacks.\");\n script_tag(name:\"affected\", value:\"ownCloud Server before version 4.0.12\");\n script_tag(name:\"solution\", value:\"Upgrade to ownCloud version 4.0.12 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2013/q1/378\");\n script_xref(name:\"URL\", value:\"http://owncloud.org/about/security/advisories/oC-SA-2013-004\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\");\n script_mandatory_keys(\"owncloud/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\nif(version_is_less(version:ownVer, test_version:\"4.0.12\"))\n{\n report = report_fixed_ver(installed_version:ownVer, fixed_version:\"4.0.12\");\n security_message(port:ownPort, data:report);\n exit(0);\n}\n", "naslFamily": "Web application abuses"}
{"cve": [{"lastseen": "2021-02-02T06:06:45", "description": "Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.", "edition": 6, "cvss3": {}, "published": "2014-03-14T17:55:00", "title": "CVE-2013-0301", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0301"], "modified": "2014-03-25T20:56:00", "cpe": ["cpe:/a:owncloud:owncloud:4.0.2", "cpe:/a:owncloud:owncloud:4.0.9", "cpe:/a:owncloud:owncloud:4.0.10", "cpe:/a:owncloud:owncloud:4.0.3", "cpe:/a:owncloud:owncloud:3.0.1", "cpe:/a:owncloud:owncloud:4.0.6", "cpe:/a:owncloud:owncloud:4.0.11", "cpe:/a:owncloud:owncloud:4.0.4", "cpe:/a:owncloud:owncloud:3.0.0", "cpe:/a:owncloud:owncloud:4.0.8", "cpe:/a:owncloud:owncloud:3.0.3", "cpe:/a:owncloud:owncloud:4.0.0", "cpe:/a:owncloud:owncloud:3.0.2", "cpe:/a:owncloud:owncloud:4.0.1", "cpe:/a:owncloud:owncloud:4.0.5", "cpe:/a:owncloud:owncloud:4.0.7"], "id": "CVE-2013-0301", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0301", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:owncloud:owncloud:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:owncloud:owncloud:3.0.0:*:*:*:*:*:*:*"]}], "owncloud": [{"lastseen": "2016-09-26T21:06:28", "bulletinFamily": "software", "cvelist": ["CVE-2013-0299", "CVE-2013-0301", "CVE-2013-0300"], "edition": 1, "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions before allows remote attackers to hijack the authentication for users via \n\n * the \"lat\" and \"lng\" POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ (CVE-2013-0299)\n * **Commits:** 452a626 (stable45), 015ac6a (stable4)\n * **Risk:** Negligible\n * **Note:** Successful exploitation of this CSRF requires the \"calendar\" app to be enabled (enabled by default).\n * **Impact:** An attacker may be able to change the timezone of the user.\n * the \"timezonedetection\" POST parameter to timezonedetection.php in /apps/calendar/ajax/settings/ (CVE-2013-0299)\n * **Commits:** 452a626 (stable45) , 97d0cee (stable4)\n * **Risk:** Negligible\n * **Note:** Successful exploitation of this CSRF requires the \"calendar\" app to be enabled (enabled by default).\n * **Impact:** An attacker may be able to disable or enable the automatic timezone detection.\n * the \"admin_export\" POST parameter to settings.php in /apps/admin_migrate/ (CVE-2013-0299)\n * **Commits:** bc93744 (stable45), 28dc89e (stable4)\n * **Risk:** Moderate\n * **Note:** Successful exploitation of this CSRF requires the \"admin_migrate\" app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to import an user account.\n * the \"operation\" POST parameter to export.php in /apps/user_migrate/ajax/ (CVE-2013-0299)\n * **Commits:** 2de405a (stable45), de9befd (stable4)\n * **Risk:** Moderate\n * **Note:** Successful exploitation of this CSRF requires the \"user_migrate\" app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to overwrite files of the logged in user.\n * multiple unspecified POST parameters to settings.php in /apps/user_ldap/ (CVE-2013-0299)\n * **Commits:** 5ec272d (stable45), b966095 (stable4)\n * **Risk:** High\n * **Note:** Successful exploitation of this CSRF requires the \"user_ldap\" app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to change the authentication server URL.\n\nMultiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and all prior versions (except 4.0.x) allows remote attackers to hijack the authentication for users via \n\n * the \"v\" POST parameter to changeview.php in /apps/calendar/ajax/ (CVE-2013-0300)\n * **Commits:** 452a626 (stable45)\n * **Risk:** Negligible\n * **Note:** Successful exploitation of this CSRF requires the \"calendar\" app to be enabled (enabled by default).\n * **Impact:** An attacker may be able to change the default view of an user.\n * multiple unspecified parameters to addRootCertificate.php, dropbox.php and google.php in /apps/files_external/ajax/ (CVE-2013-0300)\n * **Commits:** 2e819d6 + 24a7381e9f (stable45)\n * **Risk:** Medium\n * **Note:** Successful exploitation of this CSRF requires the \"files_external\" app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to mount arbitrary Google Drive or Dropbox folders to the internal filesystem.\n * multiple unspecified POST parameters to settings.php in /apps/user_webdavauth/ (CVE-2013-0300)\n * **Commits:** 9282641 (stable45)\n * **Risk:** High\n * **Note:** Successful exploitation of this CSRF requires the \"user_webdavauth\" app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to change the authentication server URL.\n\nA cross-site request forgery (CSRF) vulnerability in ownCloud 4.0.11 and all prior versions allows remote attackers to hijack the authentication for users via \n\n * the \"timezone\" POST parameter to settimezone in /apps/calendar/ajax/settings/ (CVE-2013-0301)\n * **Commits:** 97d0cee (stable4)\n * **Risk:** Negligible\n * **Note:** Successful exploitation of this CSRF requires the \"calendar\" app to be enabled (enabled by default).\n * **Impact:** An attacker may be able to change the timezone of an user.\n\n \n\n\n* * *\n\n**[For more information please consult the official advisory.](<https://owncloud.org/security/advisory/?id=oC-SA-2013-004>)**\n\n\nThis advisory is licensed [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/)", "modified": "2013-02-20T10:42:22", "published": "2013-02-20T10:42:22", "id": "OC-SA-2013-004", "href": "https://owncloud.org/security/advisory/?id=oC-SA-2013-004", "type": "owncloud", "title": "Server: Multiple CSRF vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T22:53:24", "bulletinFamily": "software", "cvelist": ["CVE-2013-0299", "CVE-2013-0301", "CVE-2013-0300"], "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions before allows remote attackers to hijack the authentication for users via\n\n * the \u201clat\u201d and \u201clng\u201d POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ (CVE-2013-0299) \n * **Commits:** 452a626 (stable45), 015ac6a (stable4)\n * **Risk:** Negligible\n * **Note:** Successful exploitation of this CSRF requires the \u201ccalendar\u201d app to be enabled (enabled by default).\n * **Impact:** An attacker may be able to change the timezone of the user.\n * the \u201ctimezonedetection\u201d POST parameter to timezonedetection.php in /apps/calendar/ajax/settings/ (CVE-2013-0299) \n * **Commits:** 452a626 (stable45) , 97d0cee (stable4)\n * **Risk:** Negligible\n * **Note:** Successful exploitation of this CSRF requires the \u201ccalendar\u201d app to be enabled (enabled by default).\n * **Impact:** An attacker may be able to disable or enable the automatic timezone detection.\n * the \u201cadmin_export\u201d POST parameter to settings.php in /apps/admin_migrate/ (CVE-2013-0299) \n * **Commits:** bc93744 (stable45), 28dc89e (stable4)\n * **Risk:** Moderate\n * **Note:** Successful exploitation of this CSRF requires the \u201cadmin_migrate\u201d app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to import an user account.\n * the \u201coperation\u201d POST parameter to export.php in /apps/user_migrate/ajax/ (CVE-2013-0299) \n * **Commits:** 2de405a (stable45), de9befd (stable4)\n * **Risk:** Moderate\n * **Note:** Successful exploitation of this CSRF requires the \u201cuser_migrate\u201d app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to overwrite files of the logged in user.\n * multiple unspecified POST parameters to settings.php in /apps/user_ldap/ (CVE-2013-0299) \n * **Commits:** 5ec272d (stable45), b966095 (stable4)\n * **Risk:** High\n * **Note:** Successful exploitation of this CSRF requires the \u201cuser_ldap\u201d app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to change the authentication server URL.\n\nMultiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and all prior versions (except 4.0.x) allows remote attackers to hijack the authentication for users via\n\n * the \u201cv\u201d POST parameter to changeview.php in /apps/calendar/ajax/ (CVE-2013-0300) \n * **Commits:** 452a626 (stable45)\n * **Risk:** Negligible\n * **Note:** Successful exploitation of this CSRF requires the \u201ccalendar\u201d app to be enabled (enabled by default).\n * **Impact:** An attacker may be able to change the default view of an user.\n * multiple unspecified parameters to addRootCertificate.php, dropbox.php and google.php in /apps/files_external/ajax/ (CVE-2013-0300) \n * **Commits:** 2e819d6 + 24a7381e9f (stable45)\n * **Risk:** Medium\n * **Note:** Successful exploitation of this CSRF requires the \u201cfiles_external\u201d app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to mount arbitrary Google Drive or Dropbox folders to the internal filesystem.\n * multiple unspecified POST parameters to settings.php in /apps/user_webdavauth/ (CVE-2013-0300) \n * **Commits:** 9282641 (stable45)\n * **Risk:** High\n * **Note:** Successful exploitation of this CSRF requires the \u201cuser_webdavauth\u201d app to be enabled (disabled by default).\n * **Impact:** An attacker may be able to change the authentication server URL.\n\nA cross-site request forgery (CSRF) vulnerability in ownCloud 4.0.11 and all prior versions allows remote attackers to hijack the authentication for users via\n\n * the \u201ctimezone\u201d POST parameter to settimezone in /apps/calendar/ajax/settings/ (CVE-2013-0301) \n * **Commits:** 97d0cee (stable4)\n * **Risk:** Negligible\n * **Note:** Successful exploitation of this CSRF requires the \u201ccalendar\u201d app to be enabled (enabled by default).\n * **Impact:** An attacker may be able to change the timezone of an user.\n\n### Affected Software\n\n * ownCloud Server < **4.5.7** (CVE-2013-0299, CVE-2013-0300)\n * ownCloud Server < **4.0.12** (CVE-2013-0299, CVE-2013-0301)\n\n### Action Taken\n\nIt is recommended that all instances are upgraded to ownCloud Server 4.5.7 or 4.0.12.\n\n### Acknowledgements\n\nThe ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:\n\n * Lukas Reschke - ownCloud Inc. (lukas@owncloud.org) - Vulnerability discovery and disclosure.\n", "edition": 1, "modified": "2018-01-03T17:31:02", "published": "2013-02-20T17:30:13", "href": "https://owncloud.org/security/advisories/multiple-csrf-vulnerabilities/", "id": "OWNCLOUD:91E1ED0CD00191A83BB9CBCCFB368A1E", "type": "owncloud", "title": "Multiple CSRF vulnerabilities - ownCloud", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
