Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4392

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-4392
Last Modified 13 Sep 2012 12:00:00
Published 05 Sep 2012 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4392

Summary

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

Vulnerable Systems

Application

  • Owncloud 4.0.7


References

CONFIRM - https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a

MLIST - [oss-security] 20120901 Re: CVE - ownCloud

MLIST - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa


Last Updated: 27 May 2016 11:00:28