Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:587C84D33C7FB01C68D5A073C4C96BEABypass of file blacklist on Microsoft Windows Platform - ownCloud
0.003 Low
EPSS
Percentile
65.1%
A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud Server versions, when running on a Microsoft Windows Platform, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files.
An attacker could leverage this bypass by uploading a .htaccess and execute arbitrary PHP code if the /data/ directory is stored inside the webroot and a webserver that interprets .htaccess files is used (e.g. Apache)
ownCloud always recommends to move the data directory outside of the web root.
Affected Software
- ownCloud Server < 7.0.5 (CVE-2015-3013)
- ownCloud Server < 6.0.7 (CVE-2015-3013)
- ownCloud Server < 5.0.19 (CVE-2015-3013)
Action Taken
The blacklist bypass has been fixed and unit tests has been added to prevent future regressions.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 5.0.19 | |
| owncloud server | lt | 7.0.5 | |
| owncloud server | lt | 6.0.7 |
Related
