CVE-2014-9044

Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack...

CVE-2014-9044

CVE-2014-9044 relates to ownCloud 7.x prior to 7.0.3, where the Asset Pipeline names the concatenated CSS/JS blob using an MD5 hash of the absolute file paths. This allowed an attacker to brute-force disclose the install path (e.g., /var/www/owncloud/). The root cause is the use of absolute paths...

CVE-2014-9044

Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack...

Local Path Disclosure when using Asset Pipeline - ownCloud

ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php When the setting is enabled ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...

Server: Local Path Disclosure when using Asset Pipeline

ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php When the setting is enabled ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...