Vulnerabilities > CVE-2016-1499 - Resource Management Errors vulnerability in Owncloud
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
HIGH Summary
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_3166222BC6A411E596D614DAE9D210B8.NASL |
description | Owncloud reports : - Reflected XSS in OCS provider discovery (oC-SA-2016-001) - Information Exposure Through Directory Listing in the file scanner (oC-SA-2016-002) - Disclosure of files that begin with |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 88500 |
published | 2016-02-01 |
reporter | This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/88500 |
title | FreeBSD : owncloud -- multiple vulnerabilities (3166222b-c6a4-11e5-96d6-14dae9d210b8) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/135158/SYSS-2015-062.txt |
id | PACKETSTORM:135158 |
last seen | 2016-12-05 |
published | 2016-01-07 |
reporter | Dr. Erlijn van Genuchten |
source | https://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html |
title | ownCloud 8.2.1 / 8.1.4 / 8.0.9 Information Exposure |
References
- http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html
- http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html
- http://www.securityfocus.com/archive/1/537244/100/0/threaded
- http://www.securityfocus.com/archive/1/537244/100/0/threaded
- http://www.securityfocus.com/archive/1/537556/100/0/threaded
- http://www.securityfocus.com/archive/1/537556/100/0/threaded
- https://owncloud.org/security/advisory/?id=oc-sa-2016-002
- https://owncloud.org/security/advisory/?id=oc-sa-2016-002
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt