OwnCloud Cross Site Request Forgery Vulnerability -01 May14 Network Vulnerability

Summary

This host is installed with ownCloud and is prone to cross-site request forgery vulnerability.

Impact

Successful exploitation will allow remote attackers to conduct cross-site request forgery attacks. Impact Level: Application

Solution

Upgrade to ownCloud version 4.0.12 or later, For updates refer to http://owncloud.org

Insight

The flaw exists due to insufficient validation of user-supplied input passed via the 'timezone' POST parameter to settimezone within /apps/calendar/ajax/settings.

Affected

ownCloud Server before version 4.0.12

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://owncloud.org/about/security/advisories/oC-SA-2013-004
http://seclists.org/oss-sec/2013/q1/378
http://www.osvdb.com/90492

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0301

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
AN Guestbook Local File Inclusion Vulnerability
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
An Image Gallery Multiple Cross-Site Scripting Vulnerability

ownCloud Cross Site Request Forgery Vulnerability -01 May14

Take action and discover your vulnerabilities