Summary
This host is installed with ownCloud and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to gain information about existing LDAP users and potentially modify the login query, read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Impact Level: Application
Solution
Upgrade to ownCloud version 5.0.15 or 6.0.2 or later. For updates refer to http://owncloud.org
Insight
Multiple flaws exist due to:
- The program fails to properly sanitize LDAP queries.
- An incorrectly configured XML parser accepts XML external entities from an untrusted source.
Affected
ownCloud Server 5.0.x before 5.0.15 and 6.0.x before 6.0.2
Detection
Get the installed version with the help of the detect NVT and check whether that version is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-2051, CVE-2014-2053, CVE-2014-2054, CVE-2014-2055, CVE-2014-2056
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
- A Really Simple Chat Multiple SQL Injection Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014