Summary
This host has ownCloud installed and is prone to a session fixation vulnerability.
Impact
Successful exploitation will allow remote attackers to steal authenticated sessions and gain unauthorized access.
Impact Level: Application
Solution
Upgrade to ownCloud version 6.0.2 or later.
For updates, refer to http://owncloud.org
Insight
The flaw exists because the application, when establishing a new session, does not invalidate the existing session identifier and assign a new one.
Affected
ownCloud Server 6.x before version 6.0.2
Detection
Get the installed version with the help of the detect NVT and check whether that version is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-2047
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P