Summary
The host is installed with ownCloud and
is prone to path disclosure vulnerability
Impact
Successful exploitation will allow remote
attackers to conduct a brute-force attack and gain access to the the installation path of the program.
Impact Level: Application
Solution
Upgrade to ownCloud Server 7.0.3 or later.
For updates refer to http://owncloud.org
Insight
The error exists due to flaw in the Asset
Pipeline feature due to the program is generating files on the local filesystem with a filename that is created by hashing the original CSS and JS absolute file paths using MD5.
Affected
ownCloud Server 7.x before 7.0.3
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-9044 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- 123 Flash Chat Multiple Security Vulnerabilities
- aeNovo Database Content Disclosure Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities