Lucene search
GoogleOSV:GHSA-QG5V-JW6F-RPFJHistoryMay 14, 2022 - 1:52 a.m.
SabreDAV Directory Traversal vulnerability
2022-05-1401:52:20
Google
osv.dev
3
sabredav
directory traversal
vulnerability
html\browser plugin
windows
remote attackers
arbitrary files
backslash character
owncloud
EPSS
0.002
Percentile
55.5%
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.
References
owncloud.org/about/security/advisories/oC-SA-2013-016
github.com/FriendsOfPHP/security-advisories/blob/master/sabre/dav/CVE-2013-1939.yaml
github.com/sabre-io/dav
groups.google.com/forum/?fromgroups=#!topic/sabredav-discuss/ehOUu7wTSGQ
groups.google.com/forum/?fromgroups=#%21topic/sabredav-discuss/ehOUu7wTSGQ
nvd.nist.gov/vuln/detail/CVE-2013-1939
Related
prion
prion
Path traversal
2014-03-14 16:55:00
openvas
openvas
Fedora Update for php-sabredav-Sabre_DAV FEDORA-2013-7285
2013-05-13 00:00:00
Fedora Update for php-sabredav-Sabre_DAV FEDORA-2013-7289
2013-05-13 00:00:00
Fedora Update for php-sabredav-Sabre_DAV FEDORA-2013-7285
2013-05-13 00:00:00
nvd
nvd
CVE-2013-1939
2014-03-14 16:55:04
owncloud
owncloud
Local file disclosure when running on Windows - ownCloud
2013-04-11 18:04:08
Server: Local file disclosure when running on Windows
2013-04-11 11:42:22
friendsofphp
friendsofphp
Local file exposure on Windows installations
2013-04-11 10:24:15
Local file exposure on Windows installations
2013-04-11 10:24:15
nessus
nessus
Fedora 18 : php-sabredav-Sabre_DAV-1.6.5-5.fc18 (2013-7289)
2013-05-13 00:00:00
Fedora 19 : php-sabredav-Sabre_DAV-1.6.5-5.fc19 (2013-7253)
2013-05-11 00:00:00
Fedora 17 : php-sabredav-Sabre_DAV-1.6.5-5.fc17 (2013-7285)
2013-05-13 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: php-sabredav-Sabre_DAV-1.6.5-5.fc19
2013-05-11 03:13:49
[SECURITY] Fedora 17 Update: php-sabredav-Sabre_DAV-1.6.5-5.fc17
2013-05-12 01:50:13
[SECURITY] Fedora 18 Update: php-sabredav-Sabre_DAV-1.6.5-5.fc18
2013-05-12 01:51:10
github
github
SabreDAV Directory Traversal vulnerability
2022-05-14 01:52:20
ubuntucve
ubuntucve
CVE-2013-1939
2014-03-14 00:00:00
debiancve
debiancve
CVE-2013-1939
2014-03-14 16:55:04
cvelist
cvelist
CVE-2013-1939
2014-03-14 16:00:00
cve
cve
CVE-2013-1939
2014-03-14 16:55:04