OwnCloud 'contacts' Security Bypass Vulnerability - May14 Network Vulnerability

Summary

This host is installed with ownCloud and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow remote attackers to bypass security restrictions and download contacts of arbitrary users. Impact Level: Application

Solution

Upgrade to ownCloud version 4.5.10 or 5.0.5 or later, For updates refer to http://owncloud.org

Insight

The flaw is due to the Contact application failing to properly check the ownership of a single contact.

Affected

ownCloud Server before version 4.5.10 and 5.x before version 5.0.5

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://owncloud.org/about/security/advisories/oC-SA-2013-018
http://seclists.org/oss-sec/2013/q2/133

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-1963

CVSS	Base Score: 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N

Related Vulnerabilities

@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Apache Tomcat source.jsp malformed request information disclosure
Apache Open For Business HTML injection vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities

ownCloud 'contacts' Security Bypass Vulnerability - May14

Take action and discover your vulnerabilities