6 matches found
[SECURITY] [DSA 3373-1] owncloud security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq...
CVE-2015-4717
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service infinite loop and log file consumption via crafted endpoint...
CVE-2015-4717
CVE-2015-4717 affects ownCloud Server: the filename sanitization component fails to properly handle $_GET parameters cast to an array, allowing remote attackers to trigger a denial of service (infinite loop and log file consumption) via crafted endpoint file names. Affected versions are before 6....
[SECURITY] [DSA 3373-1] owncloud security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3373-1] owncloud security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq -...
Resource Exthaustion when sanitizing filenames - ownCloud
The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this lead to a endless loop filling the log file until the system is not anymore responsive. Affected Software ownCloud Server 6.0.8 CVE-2015-4717...