Lucene search

K

Ubuntu.comUB:CVE-2013-1939

HistoryMar 14, 2014 - 12:00 a.m.

CVE-2013-1939

2014-03-1400:00:00

ubuntu.com

ubuntu.com

8

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

55.5%

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and
1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not
properly check path separators in the base path, which allows remote
attackers to read arbitrary files via a \ (backslash) character.

Notes

Author	Note
jdstrand	per Debian, Windows only

References

owncloud.org/about/security/advisories/oC-SA-2013-016/

launchpad.net/bugs/cve/CVE-2013-1939

nvd.nist.gov/vuln/detail/CVE-2013-1939

security-tracker.debian.org/tracker/CVE-2013-1939

www.cve.org/CVERecord?id=CVE-2013-1939

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

55.5%

Related for UB:CVE-2013-1939

openvas5 prion1 nvd1 owncloud2 friendsofphp2 osv1 nessus3 fedora3 github1 debiancve1 cvelist1 cve1