Vulnerabilities > CVE-2014-2055 - XML External Entity Injection vulnerability in SabreDAV

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
fruux
owncloud

Summary

SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. Per: http://cwe.mitre.org/data/definitions/611.html "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"