Lucene search

Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:78BA9CF860D4B89C5542F14D0E0FD1B0

HistoryJul 03, 2014 - 6:21 p.m.

Host Header Poisoning - ownCloud

2014-07-0318:21:29

Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.

owncloud.org

0.006 Low

EPSS

Percentile

78.5%

JSON

Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software (e.g. antivirus) is accessing the link the attacker is able to reset the user password.

Affected Software

ownCloud Server < 6.0.2 (CVE-2014-2047)
ownCloud Server < 5.0.15 (CVE-2014-2049)

Action Taken

The new ‘trusted_domain’ setting has been introduced in which all domains from which ownCloud should be accessible has to be specified. A default configuration can be found in config/config.sample.php.

ownCloud will add this configuration setting on its own during an update or a fresh installation using the currently used domain.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.

CPENameOperatorVersion
owncloud serverlt5.0.15
owncloud serverlt6.0.2

CPE	Name	Operator	Version
	owncloud server	lt	5.0.15
	owncloud server	lt	6.0.2

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for OWNCLOUD:78BA9CF860D4B89C5542F14D0E0FD1B0

owncloud7 prion2 cve2 openvas2 ubuntucve2 cvelist2 nvd2