Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9041

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-9041
Last Modified 05 Feb 2015 09:19:27
Published 04 Feb 2015 01:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9041

Summary

The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.

Vulnerable Systems

Application

  • Owncloud 5.0.0

  • Owncloud 5.0.1

  • Owncloud 5.0.10

  • Owncloud 5.0.11

  • Owncloud 5.0.12

  • Owncloud 5.0.13

  • Owncloud 5.0.14

  • Owncloud 5.0.15

  • Owncloud 5.0.16

  • Owncloud 5.0.17

  • Owncloud 5.0.2

  • Owncloud 5.0.3

  • Owncloud 5.0.4

  • Owncloud 5.0.5

  • Owncloud 5.0.6

  • Owncloud 5.0.7

  • Owncloud 5.0.8

  • Owncloud 5.0.9

  • Owncloud 6.0.0

  • Owncloud 6.0.1

  • Owncloud 6.0.2

  • Owncloud 6.0.3

  • Owncloud 6.0.4

  • Owncloud 6.0.5

  • Owncloud 7.0.0

  • Owncloud 7.0.1

  • Owncloud 7.0.2


References

CONFIRM - https://owncloud.org/security/advisory/?id=oc-sa-2014-027


Last Updated: 27 May 2016 11:07:42