Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
owncloudLukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:BF3E0F0E976A6C473C0B7F1473B46037
HistoryApr 11, 2013 - 6:04 p.m.

Local file disclosure when running on Windows - ownCloud

2013-04-1118:04:08
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
37

EPSS

0.002

Percentile

55.5%

JSON

Due to not rejecting "" as path separator in all ownCloud versions prior to 5.0.4 including the 4.x branch an authenticated remote attacker is able to download arbitrary files from the server when running under Windows.

This vulnerability exists inside our used DAV implementation “SabreDAV” and was found by the ownCloud security team. SabreDAV released fixed versions to address this problem.

Affected Software

  • ownCloud Server < 5.0.4 (CVE-2013-1939)
  • ownCloud Server < 4.5.9 (CVE-2013-1939)
  • ownCloud Server < 4.0.14 (CVE-2013-1939)

Action Taken

It is recommended that all instances are upgraded to ownCloud Server 5.0.4, 4.5.9 or 4.0.14.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.

Related

openvas 5
prion 1
nvd 1
friendsofphp 2
osv 1
nessus 3
fedora 3
owncloud 1
github 1
cvelist 1
cve 1
ubuntucve 1
debiancve 1
openvas
openvas
Fedora Update for php-sabredav-Sabre_DAV FEDORA-2013-7285
2013-05-13 00:00:00
Fedora Update for php-sabredav-Sabre_DAV FEDORA-2013-7285
2013-05-13 00:00:00
ownCloud 'SabreDAV' Local File Disclosure Vulnerability (oC-SA-2013-016) - Windows
2014-05-08 00:00:00
prion
prion
Path traversal
2014-03-14 16:55:00
nvd
nvd
CVE-2013-1939
2014-03-14 16:55:04
friendsofphp
friendsofphp
Local file exposure on Windows installations
2013-04-11 10:24:15
Local file exposure on Windows installations
2013-04-11 10:24:15
osv
osv
SabreDAV Directory Traversal vulnerability
2022-05-14 01:52:20
nessus
nessus
Fedora 18 : php-sabredav-Sabre_DAV-1.6.5-5.fc18 (2013-7289)
2013-05-13 00:00:00
Fedora 17 : php-sabredav-Sabre_DAV-1.6.5-5.fc17 (2013-7285)
2013-05-13 00:00:00
Fedora 19 : php-sabredav-Sabre_DAV-1.6.5-5.fc19 (2013-7253)
2013-05-11 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: php-sabredav-Sabre_DAV-1.6.5-5.fc19
2013-05-11 03:13:49
[SECURITY] Fedora 17 Update: php-sabredav-Sabre_DAV-1.6.5-5.fc17
2013-05-12 01:50:13
[SECURITY] Fedora 18 Update: php-sabredav-Sabre_DAV-1.6.5-5.fc18
2013-05-12 01:51:10
owncloud
owncloud
Server: Local file disclosure when running on Windows
2013-04-11 11:42:22
github
github
SabreDAV Directory Traversal vulnerability
2022-05-14 01:52:20
cvelist
cvelist
CVE-2013-1939
2014-03-14 16:00:00
cve
cve
CVE-2013-1939
2014-03-14 16:55:04
ubuntucve
ubuntucve
CVE-2013-1939
2014-03-14 00:00:00
debiancve
debiancve
CVE-2013-1939
2014-03-14 16:55:04

EPSS

0.002

Percentile

55.5%

JSON
Related for OWNCLOUD:BF3E0F0E976A6C473C0B7F1473B46037
openvas5prion1nvd1friendsofphp2osv1nessus3fedora3owncloud1github1cvelist1cve1ubuntucve1debiancve1