PT-2017-10688 · Nextcloud · Nextcloud Server

Published: 2017-04-05 · Updated: 2022-10-04 · CVE-2017-0887

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Server versions prior to 9.0.55
Nextcloud Server versions prior to 10.0.2

Description

The issue allows an authenticated adversary to bypass quota limitations due to improper sanitization of the OC-Total-Length HTTP header values. This enables the adversary to exceed their configured user quota, using more space than allowed by the administrator.

Recommendations

For Nextcloud Server versions prior to 9.0.55, update to version 9.0.55 or later.
For Nextcloud Server versions prior to 10.0.2, update to version 10.0.2 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-0887

Affected Products

Nextcloud Server