CVE-2015-6500

Published Oct 26, 2015

Last updated 7 years ago

Overview

Description: Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 7.8
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E1941F4-D2B5-4633-A934-FBD126B72D1C"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22EBDD6A-804F-44E8-A516-61760B5D447B"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FF6F676-1C9E-4F33-8E91-BC41E42CEE57"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBF3DCFD-3264-4315-947E-0D2725E3BFEA"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C26782F8-FE62-4B2D-B0C9-81EFFE395D6F"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5945851-35B8-4509-92C7-CF706C794266"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7F58319-DE37-4307-9D60-BDFC27D6826B"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:7.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AD03A74-6F1D-43EC-BC93-F2AF2467F6D2"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8C45645-3A99-4E08-952A-EEBFE35AC70E"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AFD0FA9-F12F-46A2-90F4-B48310A7ED0D"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C18316B-E0DF-4693-AD3A-8C923965931B"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66A3C5DA-52BA-4B86-A7A1-BEAE730E80E7"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "453D8D0E-B385-4A8F-9D01-CDE38E6C1D4B"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud:8.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "644C5331-A967-497D-A7ED-919F5988C8E8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References