CVE-2016-9461 (GCVE-0-2016-9461)

Vulnerability from cvelistv5 – Published: 2017-03-28 02:46 – Updated: 2024-08-06 02:50
VLAI?
Summary
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
Severity ?
No CVSS data available.
CWE
  • CWE-275 - Permission Issues (CWE-275)
Assigner
References
Impacted products
Vendor Product Version
n/a Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 Affected: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"
          },
          {
            "name": "97276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97276"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/145950"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-275",
              "description": "Permission Issues (CWE-275)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-03T09:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"
        },
        {
          "name": "97276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97276"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/145950"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2016-9461",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Permission Issues (CWE-275)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014",
              "refsource": "MISC",
              "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"
            },
            {
              "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004",
              "refsource": "MISC",
              "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"
            },
            {
              "name": "97276",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97276"
            },
            {
              "name": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"
            },
            {
              "name": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"
            },
            {
              "name": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"
            },
            {
              "name": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"
            },
            {
              "name": "https://hackerone.com/reports/145950",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/145950"
            },
            {
              "name": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2016-9461",
    "datePublished": "2017-03-28T02:46:00",
    "dateReserved": "2016-11-19T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.0.52\", \"matchCriteriaId\": \"DC479D9A-DAEB-42B6-98D7-0A417B34359D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.0.4\", \"matchCriteriaId\": \"3FAD2663-CE0E-4AB0-90C5-D47124458AAC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.\"}, {\"lang\": \"es\", \"value\": \"Nextcloud Server en versiones anteriores a 9.0.52 \u0026 ownCloud Server en versiones anteriores a 9.0.4 no est\\u00e1n verificando correctamente los permisos de comprobaci\\u00f3n de edici\\u00f3n en las acciones de copia de WebDAV. El punto final WebDAV no comprueba correctamente el permiso en una acci\\u00f3n WebDAV COPY. Esto permiti\\u00f3 a un atacante autenticado con acceso a un recurso compartido de solo lectura para poner all\\u00ed nuevos archivos. No fue posible modificar los archivos existentes.\"}]",
      "id": "CVE-2016-9461",
      "lastModified": "2024-11-21T03:01:15.790",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-03-28T02:59:00.840",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/97276\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/145950\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://nextcloud.com/security/advisory/?id=nc-sa-2016-004\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://owncloud.org/security/advisory/?id=oc-sa-2016-014\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97276\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/145950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://nextcloud.com/security/advisory/?id=nc-sa-2016-004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://owncloud.org/security/advisory/?id=oc-sa-2016-014\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-275\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9461\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2017-03-28T02:59:00.840\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.\"},{\"lang\":\"es\",\"value\":\"Nextcloud Server en versiones anteriores a 9.0.52 \u0026 ownCloud Server en versiones anteriores a 9.0.4 no est\u00e1n verificando correctamente los permisos de comprobaci\u00f3n de edici\u00f3n en las acciones de copia de WebDAV. El punto final WebDAV no comprueba correctamente el permiso en una acci\u00f3n WebDAV COPY. Esto permiti\u00f3 a un atacante autenticado con acceso a un recurso compartido de solo lectura para poner all\u00ed nuevos archivos. No fue posible modificar los archivos existentes.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-275\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.52\",\"matchCriteriaId\":\"DC479D9A-DAEB-42B6-98D7-0A417B34359D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.4\",\"matchCriteriaId\":\"3FAD2663-CE0E-4AB0-90C5-D47124458AAC\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97276\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/145950\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nextcloud.com/security/advisory/?id=nc-sa-2016-004\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://owncloud.org/security/advisory/?id=oc-sa-2016-014\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97276\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/145950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://nextcloud.com/security/advisory/?id=nc-sa-2016-004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://owncloud.org/security/advisory/?id=oc-sa-2016-014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.