Description

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Remediation

References

CVE-2014-2055

Related Vulnerabilities

WordPress Plugin Gallery PhotoBlocks Cross-Site Scripting (1.1.50)

WordPress Plugin Floating Chat Widget:Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button-Chaty SQL Injection (3.0.2)

Lighttpd Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2015-3200)

Apache HTTP Server Other Vulnerability (CVE-2003-0189)

WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)

Severity

High

Classification

CVE-2014-2055

Tags

Missing Update Known Vulnerabilities