Description
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names.
Remediation
References
Related Vulnerabilities
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-6819)
Zope Web Application Server Other Vulnerability (CVE-2005-3323)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4791)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3732)