CVE-2013-1939

Sažetak

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.

Reference

http://owncloud.org/about/security/advisories/oC-SA-2013-016/
https://groups.google.com/forum/?fromgroups=#%21topic/sabredav-discuss/ehOUu7wTSGQ
http://owncloud.org/about/security/advisories/oC-SA-2013-016/
https://groups.google.com/forum/?fromgroups=#%21topic/sabredav-discuss/ehOUu7wTSGQ

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

31-03-2025 - 11:54

Objavljeno

14-03-2014 - 16:55