Summary
This host is installed with ownCloud and is prone to a session fixation vulnerability.
Impact
Successful exploitation will allow remote attackers to steal authenticated sessions and gain unauthorized access.
Impact Level: Application
Solution
Upgrade to ownCloud version 6.0.2 or later.
For updates, refer to http://owncloud.org
Insight
The flaw exists because the application, when establishing a new session, does not invalidate the existing session identifier and assign a new one.
Affected
ownCloud Server 6.x before version 6.0.2
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-2047
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Apache Archiva Home Page Cross-Site Scripting vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities