OwnCloud 'files_external' RSA Key Validation Information Disclosure Vulnerability Network Vulnerability

Summary

The host is installed with ownCloud and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to conduct man-in-the-middle attack and spoof a valid host key bypassing authentication. Impact Level: Application

Solution

Upgrade to ownCloud Server 6.0.5 or later. For updates refer to http://owncloud.org

Insight

The error exists due to error in the SFTP external storage driver that is triggered as RSA Host Keys are verified after logging in.

Affected

ownCloud Server 6.x before 6.0.5

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/111917
https://owncloud.org/security/advisory/?id=oc-sa-2014-019

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-5341

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat Login Constraints Security Bypass Vulnerability
Apache Open For Business HTML injection vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities

ownCloud 'files_external' RSA Key Validation Information Disclosure Vulnerability

Take action and discover your vulnerabilities