Summary
This host is installed with ownCloud and is prone to a cross-site request forgery vulnerability.
Impact
Successful exploitation will allow remote attackers to conduct cross-site request forgery attacks.
Impact Level: Application
Solution
Upgrade to ownCloud version 4.0.12 or later.
For updates, refer to http://owncloud.org
Insight
The flaw exists due to insufficient validation of user-supplied input passed via the 'timezone' POST parameter to settimezone within /apps/calendar/ajax/settings.
Affected
ownCloud Server before version 4.0.12
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2013-0301
- CVSS Base Score: 6.8
- AV:N/AC:M/Au:N/C:P/I:P/A:P