WEB APPLICATION VULNERABILITIES Standard & Premium

ownCloud Improper Authentication Vulnerability (CVE-2014-9043)

Description

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

Remediation

References

Related Vulnerabilities

PostgreSQL Other Vulnerability (CVE-2004-0547)

TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509)

Drupal Core 9.2.x Cross-Site Request Forgery (9.2.0 - 9.2.5)

MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-32036)

MediaWiki Improper Privilege Management Vulnerability (CVE-2018-0503)

Severity

Medium

Classification

CVE-2014-9043 CWE-287

Tags

Missing Update Known Vulnerabilities