
Test ID: 1.3.6.1.4.1.25623.1.0.805280
Category: Web application abuses
Title: ownCloud Multiple Vulnerabilities -02 (Feb 2015)
Summary: ownCloud is prone to multiple vulnerabilities.
Description:
Summary:
ownCloud is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An error in the 'OC_Util::getUrlContent' function, which allows
redirects from other protocols (such as file://).

- An error in the 'ldap_bind' function in libldap that is triggered when
handling a password that contains NULL bytes.

- The bookmark application does not validate input to bookmarks before
returning it to users.

- An error in the bookmarks application as HTTP requests do not require
multiple steps, explicit confirmation, or a unique token when performing
certain sensitive actions.

Vulnerability Impact:
Successful exploitation will allow
remote attackers to perform a cross-site request forgery attack, execute
arbitrary script code in a user's browser session within the trust
relationship between their browser and the server, bypass authentication
mechanisms and gain access to arbitrary local files.

Affected Software/OS:
ownCloud Server 5.x before 5.0.18, 6.x
before 6.0.6, and 7.x before 7.0.3

Solution:
Upgrade to ownCloud Server 5.0.18 or 6.0.6
or 7.0.3 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9046
Common Vulnerability Exposure (CVE) ID: CVE-2014-9043
Common Vulnerability Exposure (CVE) ID: CVE-2014-9042
Common Vulnerability Exposure (CVE) ID: CVE-2014-9041
Copyright: Copyright (C) 2015 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.