Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4752

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4752
Last Modified 06 Sep 2012 12:09:47
Published 05 Sep 2012 07:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4752

Summary

appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.

Vulnerable Systems

Application

  • Owncloud 3.0.0

  • Owncloud 3.0.1

  • Owncloud 3.0.2

  • Owncloud 3.0.3

  • Owncloud 4.0.0

  • Owncloud 4.0.1

  • Owncloud 4.0.2

  • Owncloud 4.0.3

  • Owncloud 4.0.4

  • Owncloud 4.0.5


References

CONFIRM - https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f

MLIST - [oss-security] 20120901 Re: CVE - ownCloud

MLIST - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa

CONFIRM - http://owncloud.org/changelog/


Last Updated: 27 May 2016 11:00:29