Lucene search
OwnCloudOC-SA-2016-002HistoryJan 06, 2016 - 1:40 a.m.
Server: Information Exposure Through Directory Listing in the file scanner
2016-01-0601:40:33
owncloud.org
30
0.004 Low
EPSS
Percentile
75.0%
Due to an incorrect usage of an ownCloud internal file system function the passed path to the file scanner was resolved relatively. An authenticated adversary may thus be able to get a listing of files existing on the filesystem. However, it is not possible to access any of these files.
This causes a massive server load and thus an enumeration of the whole server content is unlikely due to the high risk of Denial of Service.
For a more technical description please take a look at the advisory of the reporter.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 8.0.10 | |
| owncloud server | lt | 8.1.5 | |
| owncloud server | lt | 8.2.2 |
Related
hackerone
hackerone
ownCloud: Information Exposure Through Directory Listing
2016-01-14 12:42:43
openvas
openvas
ownCloud Information Exposure Vulnerability (Feb 2016) - Windows
2016-03-02 00:00:00
ownCloud Information Exposure Vulnerability (Feb 2016) - Linux
2016-03-02 00:00:00
Mageia: Security Advisory (MGASA-2016-0040)
2016-02-02 00:00:00
ubuntucve
ubuntucve
CVE-2016-1499
2016-01-08 00:00:00
cve
cve
CVE-2016-1499
2016-01-08 21:59:07
owncloud
owncloud
prion
prion
Information disclosure
2016-01-08 21:59:00
packetstorm
packetstorm
ownCloud 8.2.1 / 8.1.4 / 8.0.9 Information Exposure
2016-01-07 00:00:00
cvelist
cvelist
CVE-2016-1499
2016-01-08 21:00:00
nvd
nvd
CVE-2016-1499
2016-01-08 21:59:07
freebsd
freebsd
owncloud -- multiple vulnerabilities
2015-12-23 00:00:00
nessus
nessus
mageia
mageia
Updated owncloud packages fix security vulnerability
2016-01-29 14:02:50