CVE-2015-4717

Name of the Vulnerable Software and Affected Versions ownCloud Server versions 6.0.0 through 6.0.7 ownCloud Server versions 7.0.0 through 7.0.5 ownCloud Server versions 8.0.0 through 8.0.3

Description The issue is related to the filename sanitization component, which does not properly handle $ GET parameters cast by PHP to an array. This allows remote attackers to cause a denial of service via crafted endpoint file names, resulting in an infinite loop and log file consumption.

Recommendations For ownCloud Server versions 6.0.0 through 6.0.7, update to version 6.0.8 or later. For ownCloud Server versions 7.0.0 through 7.0.5, update to version 7.0.6 or later. For ownCloud Server versions 8.0.0 through 8.0.3, update to version 8.0.4 or later.