Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
owncloudOwnCloudOC-SA-2014-001
HistoryJul 03, 2014 - 2:00 a.m.

Server: Session Fixation

2014-07-0302:00:00
owncloud.org
38

EPSS

0.005

Percentile

76.0%

JSON

Due to authenticating a user without invalidating any existing session identifier an attacker has the opportunity to steal authenticated sessions. A successful exploit requires that PHP is configured to accept session parameters via GET.

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0

Related

owncloud 7
nvd 1
openvas 1
cvelist 1
cve 1
ubuntucve 1
prion 1
owncloud
owncloud
Session Fixation - ownCloud
2014-07-03 18:17:28
Insecure Flash Cross Domain policies - ownCloud
2014-07-03 18:18:59
Server: LDAP injection
2014-07-03 02:00:00
nvd
nvd
CVE-2014-2047
2014-03-14 16:55:05
openvas
openvas
ownCloud Session Fixation Vulnerability
2014-05-06 00:00:00
cvelist
cvelist
CVE-2014-2047
2014-03-14 16:00:00
cve
cve
CVE-2014-2047
2014-03-14 16:55:05
ubuntucve
ubuntucve
CVE-2014-2047
2014-03-14 00:00:00
prion
prion
Session fixation
2014-03-14 16:55:00

EPSS

0.005

Percentile

76.0%

JSON
Related for OC-SA-2014-001
owncloud7nvd1openvas1cvelist1cve1ubuntucve1prion1