Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:5C099984E9E3FA02D1CF391D09EDA551HistoryJul 03, 2014 - 6:22 p.m.
LDAP injection - ownCloud
2014-07-0318:22:11
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
29
EPSS
0.006
Percentile
78.5%
Due to not properly sanitizing the LDAP queries an attacker is able to:
- Gain information about existing LDAP users
- Modify the login query, e.g. with a wildcard
Affected Software
- ownCloud Server < 6.0.2 (CVE-2014-2047)
- ownCloud Server < 5.0.15 (CVE-2014-2049)
Action Taken
All LDAP queries have been reviewed and proper sanitization added.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
Related
owncloud
owncloud
Server: LDAP injection
2014-07-03 02:00:00
Server: Host Header Poisoning
2014-07-03 02:00:00
Insecure Flash Cross Domain policies - ownCloud
2014-07-03 18:18:59
prion
prion
Cross site scripting
2014-03-14 16:55:00
Session fixation
2014-03-14 16:55:00
cvelist
cvelist
CVE-2014-2049
2014-03-14 16:00:00
CVE-2014-2047
2014-03-14 16:00:00
openvas
openvas
ownCloud Flash Cross-Domain Information Disclosure Vulnerability
2014-05-06 00:00:00
ownCloud Session Fixation Vulnerability
2014-05-06 00:00:00
nvd
nvd
CVE-2014-2049
2014-03-14 16:55:05
CVE-2014-2047
2014-03-14 16:55:05
cve
cve
CVE-2014-2049
2014-03-14 16:55:05
CVE-2014-2047
2014-03-14 16:55:05
ubuntucve
ubuntucve
CVE-2014-2049
2014-03-14 00:00:00
CVE-2014-2047
2014-03-14 00:00:00