Summary
The host is installed with ownCloud and
is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow
remote attackers to gain access to arbitrary local files, gain access to session ID information and recently edited documents of every existing user and bypass the password-protection gaining access to shared files.
Impact Level: Application
Solution
Upgrade to ownCloud Server 6.0.6 or 7.0.3
or later. For updates refer to http://owncloud.org
Insight
Multiple errors exists due to,
- Multiple unspecified flaws related to the 'enable_previews' switch in the config.php script.
- Two flaws in the Documents application that is due to the persistence of an unspecified legacy API method and missing access controls in the API.
Affected
ownCloud Server 6.x before 6.0.6 and
7.x before 7.0.3
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-9047, CVE-2014-9048, CVE-2014-9049 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- AN Guestbook Local File Inclusion Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities