Description

The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.

Remediation

References

CVE-2014-9049

Related Vulnerabilities

MySQL CVE-2022-21326 Vulnerability (CVE-2022-21326)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2015-1399)

IBM RTC Improper Input Validation Vulnerability (CVE-2015-1928)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-0541)

Oracle Application Server CVE-2006-3706 Vulnerability (CVE-2006-3706)

Severity

Medium

Classification

CVE-2014-9049 CWE-200

Tags

Missing Update Known Vulnerabilities