Summary
The host is installed with ownCloud and
is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow remote
attackers to conduct man-in-the-middle attack and spoof a valid host key bypassing authentication.
Impact Level: Application
Solution
Upgrade to ownCloud Server 6.0.5 or later.
For updates refer to http://owncloud.org
Insight
The error exists due to error in the SFTP
external storage driver that is triggered as RSA Host Keys are verified after logging in.
Affected
ownCloud Server 6.x before 6.0.5
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-5341 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- 3Com NBX VoIP NetSet Detection
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities