2 matches found
ownCloud Asset Pipeline Feature Remote Path Disclosure Vulnerability (oC-SA-2014-021)
ownCloud is prone to a path disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...
CVE-2014-9044
CVE-2014-9044 relates to ownCloud 7.x prior to 7.0.3, where the Asset Pipeline names the concatenated CSS/JS blob using an MD5 hash of the absolute file paths. This allowed an attacker to brute-force disclose the install path (e.g., /var/www/owncloud/). The root cause is the use of absolute paths...