CVE-2016-9468

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-03-2017 04:59

Last modified: - 27-09-2022 04:04

Total changes: - 2

Description

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

Low

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

5.3

Base score

3.9

1.4

Exploitability score

Impact score

Verification logic

Reference

https://owncloud.org/security/advisory/?id=oc-sa-2016-021
https://nextcloud.com/security/advisory/?id=nc-sa-2016-011
https://hackerone.com/reports/149798
https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35
https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e
https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e
https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f

Keywords

CVE-2016-9468

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2016-9468

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures