Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
owncloudOwnCloudOC-SA-2014-023
HistoryNov 25, 2014 - 3:00 p.m.

Server: Potential local file disclosure

2014-11-2515:00:00
owncloud.org
36

EPSS

0.002

Percentile

56.5%

JSON

ownCloud offers the OC_Util::getUrlContent() to developers. Using this function applications can download content from remote websites.

Due to a newly introduced bug in this functionality it was following redirects to other protocols such as file://. Thus, an attacker may be able to gain access to local files stored on the ownCloud instance.

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0

Related

prion 1
cve 1
cvelist 1
owncloud 1
nvd 1
openvas 1
prion
prion
Design/Logic Flaw
2015-02-04 18:59:00
cve
cve
CVE-2014-9046
2015-02-04 18:59:06
cvelist
cvelist
CVE-2014-9046
2015-02-04 18:00:00
owncloud
owncloud
Potential local file disclosure - ownCloud
2014-11-25 18:38:43
nvd
nvd
CVE-2014-9046
2015-02-04 18:59:06
openvas
openvas
ownCloud Multiple Vulnerabilities -02 (Feb 2015)
2015-02-19 00:00:00

EPSS

0.002

Percentile

56.5%

JSON
Related for OC-SA-2014-023
prion1cve1cvelist1owncloud1nvd1openvas1