Lucene search

Ubuntu.comUB:CVE-2012-5607

HistoryDec 18, 2012 - 12:00 a.m.

CVE-2012-5607

2012-12-1800:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.4%

JSON

The “Lost Password” reset functionality in ownCloud before 4.0.9 and 4.5.0
does not properly check the security token, which allows remote attackers
to change an accounts password via unspecified vectors related to a “Remote
Timing Attack.”

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693990>

Notes

Author	Note
mdeslaur	owncloud packages in Ubuntu are now empty

OSVersionArchitecturePackageVersionFilename
ubuntu12.10noarchowncloud< 4.0.8debian-1.1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.10	noarch	owncloud	< 4.0.8debian-1.1ubuntu0.1	UNKNOWN

References

owncloud.org/security/advisories/oc-sa-2012-002/

www.openwall.com/lists/oss-security/2012/11/30

www.openwall.com/lists/oss-security/2012/11/30/2

launchpad.net/bugs/cve/CVE-2012-5607

nvd.nist.gov/vuln/detail/CVE-2012-5607

security-tracker.debian.org/tracker/CVE-2012-5607

www.cve.org/CVERecord?id=CVE-2012-5607

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.4%

JSON

Related for UB:CVE-2012-5607