Description

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

Remediation

References

CVE-2012-4392

Related Vulnerabilities

Python Integer Overflow or Wraparound Vulnerability (CVE-2010-1449)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29510)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37147)

WordPress Plugin Print-O-Matic Cross-Site Scripting (2.0.2)

Atlassian Jira CVE-2018-5231 Vulnerability (CVE-2018-5231)

Severity

High

Classification

CVE-2012-4392 CWE-287

Tags

Missing Update Known Vulnerabilities