ID OPENVAS:1361412562310804663 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2018-09-15T00:00:00
Description
This host is installed with ownCloud and is prone to unauthorized picture
preview access.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_owncloud_unauthorized_access_vuln.nasl 11402 2018-09-15 09:13:36Z cfischer $
#
# ownCloud Preview Picture Access Authentication Bypass Vulnerability
#
# Authors:
# Shakeel <bshakeel@secpod.com>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:owncloud:owncloud";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.804663");
script_version("$Revision: 11402 $");
script_cve_id("CVE-2014-3963");
script_bugtraq_id(68194);
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"$Date: 2018-09-15 11:13:36 +0200 (Sat, 15 Sep 2018) $");
script_tag(name:"creation_date", value:"2014-07-03 16:32:28 +0530 (Thu, 03 Jul 2014)");
script_name("ownCloud Preview Picture Access Authentication Bypass Vulnerability");
script_tag(name:"summary", value:"This host is installed with ownCloud and is prone to unauthorized picture
preview access.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw is due to the server failing to sufficiently check if an
authenticated user has access to preview pictures of other users");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to view other user's
pictures.");
script_tag(name:"affected", value:"ownCloud Server 6.0.x before 6.0.1");
script_tag(name:"solution", value:"Upgrade to ownCloud version 6.0.1 or later,
For updates refer to http://owncloud.org");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://owncloud.org/security/advisory/?id=oC-SA-2014-009");
script_xref(name:"URL", value:"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html");
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner");
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Web application abuses");
script_dependencies("gb_owncloud_detect.nasl");
script_mandatory_keys("owncloud/installed");
script_require_ports("Services/www", 80);
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!ownPort = get_app_port(cpe:CPE)){
exit(0);
}
if(!ownVer = get_app_version(cpe:CPE, port:ownPort)){
exit(0);
}
if(version_is_equal(version:ownVer, test_version:"6.0.0"))
{
security_message(port:ownPort);
exit(0);
}
{"id": "OPENVAS:1361412562310804663", "bulletinFamily": "scanner", "title": "ownCloud Preview Picture Access Authentication Bypass Vulnerability", "description": "This host is installed with ownCloud and is prone to unauthorized picture\npreview access.", "published": "2014-07-03T00:00:00", "modified": "2018-09-15T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804663", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["http://owncloud.org/security/advisory/?id=oC-SA-2014-009", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html"], "cvelist": ["CVE-2014-3963"], "type": "openvas", "lastseen": "2018-09-17T13:37:46", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-3963"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "This host is installed with ownCloud and is prone to unauthorized picture\npreview access.", "edition": 1, "enchantments": {}, "hash": "f340b2994d46b0c804e0b3451bfcfbcbb0acf678f67283da627623af58e2c213", "hashmap": [{"hash": "8855a2b16de80e779b487a7b73255739", "key": "cvelist"}, {"hash": "98d17dd7ac4786ced9d96202db45059c", "key": "sourceData"}, {"hash": "3549c7577835b805c98e79c714edc554", "key": "published"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "09ae137671c60eef5b3e6f1526907027", "key": "references"}, {"hash": "635a9ce88b0f80980172c5c68aea65e0", "key": "title"}, {"hash": "283e5cd4c7adf6df82d1c7dc5c47ed75", "key": "modified"}, {"hash": "42ecee640adf3fb3828f96e8310f876a", "key": "description"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "f9e2718dd2fc85659c11ba2936424dcd", "key": "href"}, {"hash": "039db3b8eae7f1587ebf03f908801b0c", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804663", "id": "OPENVAS:1361412562310804663", "lastseen": "2017-07-02T21:09:13", "modified": "2016-06-20T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310804663", "published": "2014-07-03T00:00:00", "references": ["http://owncloud.org/security/advisory/?id=oC-SA-2014-009", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_owncloud_unauthorized_access_vuln.nasl 3554 2016-06-20 07:41:15Z benallard $\n#\n# ownCloud Preview Picture Access Authentication Bypass Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804663\");\n script_version(\"$Revision: 3554 $\");\n script_cve_id(\"CVE-2014-3963\");\n script_bugtraq_id(68194);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-06-20 09:41:15 +0200 (Mon, 20 Jun 2016) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-03 16:32:28 +0530 (Thu, 03 Jul 2014)\");\n script_name(\"ownCloud Preview Picture Access Authentication Bypass Vulnerability\");\n\n tag_summary =\n\"This host is installed with ownCloud and is prone to unauthorized picture\npreview access.\";\n\n tag_vuldetect =\n\"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_insight =\n\"The flaw is due to the server failing to sufficiently check if an\nauthenticated user has access to preview pictures of other users\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to view other user's\npictures.\n\nImpact Level: Application\";\n\n tag_affected =\n\"ownCloud Server 6.0.x before 6.0.1\";\n\n tag_solution =\n\"Upgrade to ownCloud version 6.0.1 or later,\nFor updates refer to http://owncloud.org\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n\n script_xref(name : \"URL\" , value : \"http://owncloud.org/security/advisory/?id=oC-SA-2014-009\");\n script_xref(name : \"URL\" , value : \"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html\");\n script_summary(\"Check the version of ownCloud is vulnerable or not\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\");\n script_mandatory_keys(\"owncloud/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nownPort = \"\";\nownVer = \"\";\n\n## get the port\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get version\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\n## Grep for vulnerable version\nif(version_is_equal(version:ownVer, test_version:\"6.0.0\"))\n{\n security_message(port:ownPort);\n exit(0);\n}\n", "title": "ownCloud Preview Picture Access Authentication Bypass Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:09:13"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-3963"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is installed with ownCloud and is prone to unauthorized picture\npreview access.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "9ffcd7bd4a27f1594d9d24bd8e2265d4564cb3d607cb27b9044abc330f41e95f", "hashmap": [{"hash": "8855a2b16de80e779b487a7b73255739", "key": "cvelist"}, {"hash": "3549c7577835b805c98e79c714edc554", "key": "published"}, {"hash": "247e3e74151deb051bb07e106e21073b", "key": "modified"}, {"hash": "3f9a2e6274bc0876464f14c153d368b4", "key": "sourceData"}, {"hash": "09ae137671c60eef5b3e6f1526907027", "key": "references"}, {"hash": "635a9ce88b0f80980172c5c68aea65e0", "key": "title"}, {"hash": "42ecee640adf3fb3828f96e8310f876a", "key": "description"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "f9e2718dd2fc85659c11ba2936424dcd", "key": "href"}, {"hash": "039db3b8eae7f1587ebf03f908801b0c", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804663", "id": "OPENVAS:1361412562310804663", "lastseen": "2018-08-30T19:23:57", "modified": "2018-08-14T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310804663", "published": "2014-07-03T00:00:00", "references": ["http://owncloud.org/security/advisory/?id=oC-SA-2014-009", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_owncloud_unauthorized_access_vuln.nasl 10953 2018-08-14 12:06:42Z mmartin $\n#\n# ownCloud Preview Picture Access Authentication Bypass Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804663\");\n script_version(\"$Revision: 10953 $\");\n script_cve_id(\"CVE-2014-3963\");\n script_bugtraq_id(68194);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-14 14:06:42 +0200 (Tue, 14 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-03 16:32:28 +0530 (Thu, 03 Jul 2014)\");\n script_name(\"ownCloud Preview Picture Access Authentication Bypass Vulnerability\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with ownCloud and is prone to unauthorized picture\npreview access.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw is due to the server failing to sufficiently check if an\nauthenticated user has access to preview pictures of other users\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to view other user's\npictures.\n\nImpact Level: Application\");\n script_tag(name:\"affected\", value:\"ownCloud Server 6.0.x before 6.0.1\");\n script_tag(name:\"solution\", value:\"Upgrade to ownCloud version 6.0.1 or later,\nFor updates refer to http://owncloud.org\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://owncloud.org/security/advisory/?id=oC-SA-2014-009\");\n script_xref(name:\"URL\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\");\n script_mandatory_keys(\"owncloud/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\nif(version_is_equal(version:ownVer, test_version:\"6.0.0\"))\n{\n security_message(port:ownPort);\n exit(0);\n}\n", "title": "ownCloud Preview Picture Access Authentication Bypass Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:23:57"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-3963"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "This host is installed with ownCloud and is prone to unauthorized picture\npreview access.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "735336dc9c64d687bbcb1d7dcdf050da746b425744ff81be121b20bc0652e44c", "hashmap": [{"hash": "8855a2b16de80e779b487a7b73255739", "key": "cvelist"}, {"hash": "3549c7577835b805c98e79c714edc554", "key": "published"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "09ae137671c60eef5b3e6f1526907027", "key": "references"}, {"hash": "635a9ce88b0f80980172c5c68aea65e0", "key": "title"}, {"hash": "42ecee640adf3fb3828f96e8310f876a", "key": "description"}, {"hash": "050a19a0870eb40c47da0f7b145a6109", "key": "sourceData"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "8f2565601bffefcf748c080bd09de292", "key": "modified"}, {"hash": "f9e2718dd2fc85659c11ba2936424dcd", "key": "href"}, {"hash": "039db3b8eae7f1587ebf03f908801b0c", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804663", "id": "OPENVAS:1361412562310804663", "lastseen": "2017-07-28T10:48:22", "modified": "2017-07-13T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310804663", "published": "2014-07-03T00:00:00", "references": ["http://owncloud.org/security/advisory/?id=oC-SA-2014-009", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_owncloud_unauthorized_access_vuln.nasl 6715 2017-07-13 09:57:40Z teissa $\n#\n# ownCloud Preview Picture Access Authentication Bypass Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804663\");\n script_version(\"$Revision: 6715 $\");\n script_cve_id(\"CVE-2014-3963\");\n script_bugtraq_id(68194);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-03 16:32:28 +0530 (Thu, 03 Jul 2014)\");\n script_name(\"ownCloud Preview Picture Access Authentication Bypass Vulnerability\");\n\n tag_summary =\n\"This host is installed with ownCloud and is prone to unauthorized picture\npreview access.\";\n\n tag_vuldetect =\n\"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_insight =\n\"The flaw is due to the server failing to sufficiently check if an\nauthenticated user has access to preview pictures of other users\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to view other user's\npictures.\n\nImpact Level: Application\";\n\n tag_affected =\n\"ownCloud Server 6.0.x before 6.0.1\";\n\n tag_solution =\n\"Upgrade to ownCloud version 6.0.1 or later,\nFor updates refer to http://owncloud.org\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n\n script_xref(name : \"URL\" , value : \"http://owncloud.org/security/advisory/?id=oC-SA-2014-009\");\n script_xref(name : \"URL\" , value : \"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\");\n script_mandatory_keys(\"owncloud/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nownPort = \"\";\nownVer = \"\";\n\n## get the port\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get version\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\n## Grep for vulnerable version\nif(version_is_equal(version:ownVer, test_version:\"6.0.0\"))\n{\n security_message(port:ownPort);\n exit(0);\n}\n", "title": "ownCloud Preview Picture Access Authentication Bypass Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-07-28T10:48:22"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-3963"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "This host is installed with ownCloud and is prone to unauthorized picture\npreview access.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "0d9140a7d57206564a987ff57a3114aa099c7b1b80521da0fa95aa56f2dec885", "hashmap": [{"hash": "8855a2b16de80e779b487a7b73255739", "key": "cvelist"}, {"hash": "3549c7577835b805c98e79c714edc554", "key": "published"}, {"hash": "247e3e74151deb051bb07e106e21073b", "key": "modified"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "3f9a2e6274bc0876464f14c153d368b4", "key": "sourceData"}, {"hash": "09ae137671c60eef5b3e6f1526907027", "key": "references"}, {"hash": "635a9ce88b0f80980172c5c68aea65e0", "key": "title"}, {"hash": "42ecee640adf3fb3828f96e8310f876a", "key": "description"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "f9e2718dd2fc85659c11ba2936424dcd", "key": "href"}, {"hash": "039db3b8eae7f1587ebf03f908801b0c", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804663", "id": "OPENVAS:1361412562310804663", "lastseen": "2018-09-01T23:54:48", "modified": "2018-08-14T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310804663", "published": "2014-07-03T00:00:00", "references": ["http://owncloud.org/security/advisory/?id=oC-SA-2014-009", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_owncloud_unauthorized_access_vuln.nasl 10953 2018-08-14 12:06:42Z mmartin $\n#\n# ownCloud Preview Picture Access Authentication Bypass Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804663\");\n script_version(\"$Revision: 10953 $\");\n script_cve_id(\"CVE-2014-3963\");\n script_bugtraq_id(68194);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-14 14:06:42 +0200 (Tue, 14 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-03 16:32:28 +0530 (Thu, 03 Jul 2014)\");\n script_name(\"ownCloud Preview Picture Access Authentication Bypass Vulnerability\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with ownCloud and is prone to unauthorized picture\npreview access.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw is due to the server failing to sufficiently check if an\nauthenticated user has access to preview pictures of other users\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to view other user's\npictures.\n\nImpact Level: Application\");\n script_tag(name:\"affected\", value:\"ownCloud Server 6.0.x before 6.0.1\");\n script_tag(name:\"solution\", value:\"Upgrade to ownCloud version 6.0.1 or later,\nFor updates refer to http://owncloud.org\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://owncloud.org/security/advisory/?id=oC-SA-2014-009\");\n script_xref(name:\"URL\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\");\n script_mandatory_keys(\"owncloud/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\nif(version_is_equal(version:ownVer, test_version:\"6.0.0\"))\n{\n security_message(port:ownPort);\n exit(0);\n}\n", "title": "ownCloud Preview Picture Access Authentication Bypass Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:54:48"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-3963"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "This host is installed with ownCloud and is prone to unauthorized picture\npreview access.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "0d9140a7d57206564a987ff57a3114aa099c7b1b80521da0fa95aa56f2dec885", "hashmap": [{"hash": "8855a2b16de80e779b487a7b73255739", "key": "cvelist"}, {"hash": "3549c7577835b805c98e79c714edc554", "key": "published"}, {"hash": "247e3e74151deb051bb07e106e21073b", "key": "modified"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "3f9a2e6274bc0876464f14c153d368b4", "key": "sourceData"}, {"hash": "09ae137671c60eef5b3e6f1526907027", "key": "references"}, {"hash": "635a9ce88b0f80980172c5c68aea65e0", "key": "title"}, {"hash": "42ecee640adf3fb3828f96e8310f876a", "key": "description"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "f9e2718dd2fc85659c11ba2936424dcd", "key": "href"}, {"hash": "039db3b8eae7f1587ebf03f908801b0c", "key": "pluginID"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804663", "id": "OPENVAS:1361412562310804663", "lastseen": "2018-08-24T21:32:37", "modified": "2018-08-14T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310804663", "published": "2014-07-03T00:00:00", "references": ["http://owncloud.org/security/advisory/?id=oC-SA-2014-009", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_owncloud_unauthorized_access_vuln.nasl 10953 2018-08-14 12:06:42Z mmartin $\n#\n# ownCloud Preview Picture Access Authentication Bypass Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804663\");\n script_version(\"$Revision: 10953 $\");\n script_cve_id(\"CVE-2014-3963\");\n script_bugtraq_id(68194);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-14 14:06:42 +0200 (Tue, 14 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-03 16:32:28 +0530 (Thu, 03 Jul 2014)\");\n script_name(\"ownCloud Preview Picture Access Authentication Bypass Vulnerability\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with ownCloud and is prone to unauthorized picture\npreview access.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw is due to the server failing to sufficiently check if an\nauthenticated user has access to preview pictures of other users\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to view other user's\npictures.\n\nImpact Level: Application\");\n script_tag(name:\"affected\", value:\"ownCloud Server 6.0.x before 6.0.1\");\n script_tag(name:\"solution\", value:\"Upgrade to ownCloud version 6.0.1 or later,\nFor updates refer to http://owncloud.org\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://owncloud.org/security/advisory/?id=oC-SA-2014-009\");\n script_xref(name:\"URL\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\");\n script_mandatory_keys(\"owncloud/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\nif(version_is_equal(version:ownVer, test_version:\"6.0.0\"))\n{\n security_message(port:ownPort);\n exit(0);\n}\n", "title": "ownCloud Preview Picture Access Authentication Bypass Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-24T21:32:37"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "8855a2b16de80e779b487a7b73255739"}, {"key": "cvss", "hash": "d51ef32ed9f96cdaef2754a447c9af65"}, {"key": "description", "hash": "42ecee640adf3fb3828f96e8310f876a"}, {"key": "href", "hash": "f9e2718dd2fc85659c11ba2936424dcd"}, {"key": "modified", "hash": "880f1765cac6f927550c7bfacc926b72"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "039db3b8eae7f1587ebf03f908801b0c"}, {"key": "published", "hash": "3549c7577835b805c98e79c714edc554"}, {"key": "references", "hash": "09ae137671c60eef5b3e6f1526907027"}, {"key": "reporter", "hash": "06df9aea2d851c3b10ab498f59f0777d"}, {"key": "sourceData", "hash": "985cbdbce2c5a237a96a48b9f1124368"}, {"key": "title", "hash": "635a9ce88b0f80980172c5c68aea65e0"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "a0b456a47367e8bbe7e5a979045148b83bf90612bfca41ed32c1bac7049a3ef8", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_owncloud_unauthorized_access_vuln.nasl 11402 2018-09-15 09:13:36Z cfischer $\n#\n# ownCloud Preview Picture Access Authentication Bypass Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:owncloud:owncloud\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804663\");\n script_version(\"$Revision: 11402 $\");\n script_cve_id(\"CVE-2014-3963\");\n script_bugtraq_id(68194);\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-15 11:13:36 +0200 (Sat, 15 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-03 16:32:28 +0530 (Thu, 03 Jul 2014)\");\n script_name(\"ownCloud Preview Picture Access Authentication Bypass Vulnerability\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with ownCloud and is prone to unauthorized picture\npreview access.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw is due to the server failing to sufficiently check if an\nauthenticated user has access to preview pictures of other users\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to view other user's\npictures.\");\n script_tag(name:\"affected\", value:\"ownCloud Server 6.0.x before 6.0.1\");\n script_tag(name:\"solution\", value:\"Upgrade to ownCloud version 6.0.1 or later,\nFor updates refer to http://owncloud.org\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://owncloud.org/security/advisory/?id=oC-SA-2014-009\");\n script_xref(name:\"URL\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-3963.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_owncloud_detect.nasl\");\n script_mandatory_keys(\"owncloud/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ownPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!ownVer = get_app_version(cpe:CPE, port:ownPort)){\n exit(0);\n}\n\nif(version_is_equal(version:ownVer, test_version:\"6.0.0\"))\n{\n security_message(port:ownPort);\n exit(0);\n}\n", "naslFamily": "Web application abuses", "pluginID": "1361412562310804663"}
{"cve": [{"lastseen": "2016-09-03T20:32:56", "references": ["http://owncloud.org/about/security/advisories/oC-SA-2014-009/"], "edition": 1, "description": "ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.", "reporter": "NVD", "published": "2014-06-04T10:55:07", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2014-3963", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-3963"], "scanner": [], "modified": "2014-06-05T13:35:43", "cpe": ["cpe:/a:owncloud:owncloud:6.0.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3963", "id": "CVE-2014-3963", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}]}
