PT-2015-4138 · Owncloud · Owncloud
Publicado
2015-02-04
·
Atualizado
2015-02-05
·
CVE-2014-9044
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ownCloud versions 7.0.0 through 7.0.2
Description
The issue allows remote attackers to obtain sensitive information via a brute force attack, due to the use of an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file in the Asset Pipeline.
Recommendations
For ownCloud versions 7.0.0 through 7.0.2, update to version 7.0.3 or later to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Owncloud