Lucene search
OwnCloudOC-SA-2014-004HistoryJul 03, 2014 - 2:00 a.m.
Server: Host Header Poisoning
2014-07-0302:00:00
owncloud.org
19
0.006 Low
EPSS
Percentile
78.5%
Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software (e.g. antivirus) is accessing the link the attacker is able to reset the user password.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 5.0.15 | |
| owncloud server | lt | 6.0.2 |
Related
owncloud
owncloud
Server: Insecure Flash Cross Domain policies
2014-07-03 02:00:00
Insecure Flash Cross Domain policies - ownCloud
2014-07-03 18:18:59
Server: LDAP injection
2014-07-03 02:00:00
prion
prion
Cross site scripting
2014-03-14 16:55:00
Session fixation
2014-03-14 16:55:00
cve
cve
CVE-2014-2049
2014-03-14 16:55:05
CVE-2014-2047
2014-03-14 16:55:05
openvas
openvas
ownCloud Flash Cross-Domain Information Disclosure Vulnerability
2014-05-06 00:00:00
ownCloud Session Fixation Vulnerability
2014-05-06 00:00:00
ubuntucve
ubuntucve
CVE-2014-2049
2014-03-14 00:00:00
CVE-2014-2047
2014-03-14 00:00:00
cvelist
cvelist
CVE-2014-2049
2014-03-14 16:00:00
CVE-2014-2047
2014-03-14 16:00:00
nvd
nvd
CVE-2014-2049
2014-03-14 16:55:05
CVE-2014-2047
2014-03-14 16:55:05