PT-2014-4450 · Owncloud+1

Published: 2014-03-14 · Updated: 2014-03-25 · CVE-2014-2047

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ownCloud versions prior to 6.0.2
Description: A session fixation issue allows remote attackers to hijack web sessions when PHP is configured to accept session parameters through a GET request.
Recommendations: For ownCloud versions prior to 6.0.2, update to version 6.0.2 or later to resolve the issue. As a temporary workaround, consider configuring PHP to not accept session parameters through GET requests.
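
A way to check the temporary workaround on a host, as an added example that is not part of the advisory or of ownCloud. It assumes the workaround maps to PHP's `session.use_only_cookies` and `session.use_trans_sid` directives (the advisory names no directive), and both sample php.ini fragments are constructed.

```python
import re

# Assumption: these two php.ini directives decide whether PHP takes a
# session ID from the URL. The values are the settings that keep session
# IDs out of GET parameters.
SAFE = {"session.use_only_cookies": True, "session.use_trans_sid": False}
_TRUE = {"1", "on", "yes", "true"}

# Constructed sample: session ID accepted from the query string.
WEAK_INI = """
[Session]
session.use_cookies = 1
session.use_only_cookies = 0   ; session ID accepted from the URL
session.use_trans_sid = On
"""

# Constructed sample: the workaround applied.
HARDENED_INI = """
[Session]
session.use_only_cookies = 1
session.use_trans_sid = 0
"""

def parse_ini(text):
    """Return {directive: raw value}; later assignments override earlier ones."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)  # section headers do not match
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().strip('"')
    return settings

def audit(text):
    """List directives that let a session ID arrive via the query string."""
    settings = parse_ini(text)
    findings = []
    for name, want in SAFE.items():
        if name not in settings:
            findings.append(f"{name}: not set explicitly, depends on the PHP default")
        elif (settings[name].lower() in _TRUE) != want:
            findings.append(f"{name} = {settings[name]}: expected {'1' if want else '0'}")
    return findings

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit(ini))
```

An unset directive is reported rather than treated as safe, because the effective value then depends on the PHP build and on any per-directory or runtime overrides.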

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2014-2047

Affected Products

PHP
ownCloud