Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0040)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.131202

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0040)

Resumen: The remote host is missing an update for the 'owncloud' package(s) announced via the MGASA-2016-0040 advisory.

Descripción: Summary:
The remote host is missing an update for the 'owncloud' package(s) announced via the MGASA-2016-0040 advisory.

Vulnerability Insight:
A Cross-site scripting (XSS) vulnerability in the OCS discovery provider
in ownCloud Server before 8.0.10 allows remote attackers to inject
arbitrary web script or HTML via the URL resulting in a reflected
Cross-Site-Scripting (CVE-2016-1498).

ownCloud Server before 8.0.10 allows remote authenticated users to obtain
sensitive information from a directory listing and possibly cause a denial
of service (CPU consumption) via the force parameter to
index.php/apps/files/ajax/scan.php (CVE-2015-1499).

ownCloud Server before 8.0.10, when the 'file_versions' application is
enabled, does not properly check the return value of getOwner, which
allows remote authenticated users to read the files with names starting
with '.v' and belonging to a sharing user by leveraging an incoming share
(CVE-2016-1500).

Affected Software/OS:
'owncloud' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1498
Common Vulnerability Exposure (CVE) ID: CVE-2016-1499
Bugtraq: 20160107 [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499) (Google Search)
http://www.securityfocus.com/archive/1/537244/100/0/threaded
Bugtraq: 20160219 [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548) (Google Search)
http://www.securityfocus.com/archive/1/537556/100/0/threaded
http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt
Common Vulnerability Exposure (CVE) ID: CVE-2016-1500

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.131202
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0040)
Resumen:	The remote host is missing an update for the 'owncloud' package(s) announced via the MGASA-2016-0040 advisory.
Descripción:	Summary: The remote host is missing an update for the 'owncloud' package(s) announced via the MGASA-2016-0040 advisory. Vulnerability Insight: A Cross-site scripting (XSS) vulnerability in the OCS discovery provider in ownCloud Server before 8.0.10 allows remote attackers to inject arbitrary web script or HTML via the URL resulting in a reflected Cross-Site-Scripting (CVE-2016-1498). ownCloud Server before 8.0.10 allows remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php (CVE-2015-1499). ownCloud Server before 8.0.10, when the 'file_versions' application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with '.v' and belonging to a sharing user by leveraging an incoming share (CVE-2016-1500). Affected Software/OS: 'owncloud' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1498 Common Vulnerability Exposure (CVE) ID: CVE-2016-1499 Bugtraq: 20160107 [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499) (Google Search) http://www.securityfocus.com/archive/1/537244/100/0/threaded Bugtraq: 20160219 [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548) (Google Search) http://www.securityfocus.com/archive/1/537556/100/0/threaded http://packetstormsecurity.com/files/135158/ownCloud-8.2.1-8.1.4-8.0.9-Information-Exposure.html https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt Common Vulnerability Exposure (CVE) ID: CVE-2016-1500
Copyright	Copyright (C) 2016 Greenbone AG