Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:F0B629EA79F9E7A16FD25513A3889B27HistoryJul 03, 2014 - 6:18 p.m.
Insecure Flash Cross Domain policies - ownCloud
2014-07-0318:18:59
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
28
0.006 Low
EPSS
Percentile
78.5%
Due to insecure Flash Cross Domain policies an attacker might gain access to stored files of the user.
Affected Software
- ownCloud Server < 6.0.2 (CVE-2014-2047)
- ownCloud Server < 5.0.15 (CVE-2014-2049)
Action Taken
All packaged Flash files have been audited whether they have potentially insecure Cross Domain policies and vulnerable files have been fixed.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 5.0.15 | |
| owncloud server | lt | 6.0.2 |
Related
owncloud
owncloud
Server: Insecure Flash Cross Domain policies
2014-07-03 02:00:00
Server: LDAP injection
2014-07-03 02:00:00
Server: Host Header Poisoning
2014-07-03 02:00:00
prion
prion
Cross site scripting
2014-03-14 16:55:00
Session fixation
2014-03-14 16:55:00
cve
cve
CVE-2014-2049
2014-03-14 16:55:05
CVE-2014-2047
2014-03-14 16:55:05
openvas
openvas
ownCloud Flash Cross-Domain Information Disclosure Vulnerability
2014-05-06 00:00:00
ownCloud Session Fixation Vulnerability
2014-05-06 00:00:00
ubuntucve
ubuntucve
CVE-2014-2049
2014-03-14 00:00:00
CVE-2014-2047
2014-03-14 00:00:00
cvelist
cvelist
CVE-2014-2049
2014-03-14 16:00:00
CVE-2014-2047
2014-03-14 16:00:00
nvd
nvd
CVE-2014-2049
2014-03-14 16:55:05
CVE-2014-2047
2014-03-14 16:55:05