Test ID:	1.3.6.1.4.1.25623.1.0.805280
Category:	Web application abuses
Title:	ownCloud Multiple Vulnerabilities -02 (Feb 2015)
Summary:	ownCloud is prone to multiple vulnerabilities.
Description:	Summary: ownCloud is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in the 'OC_Util::getUrlContent' function that is due to it allows redirects from other protocols (such as file://) - An error in the 'ldap_bind' function in libldap that is triggered when handling a password that contains NULL bytes. - The bookmark application does not validate input to bookmarks before returning it to users. - An error in the bookmarks application as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. Vulnerability Impact: Successful exploitation will allow remote attackers to perform a cross-site request forgery attack, execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server, bypass authentication mechanisms and gain access to arbitrary local files. Affected Software/OS: ownCloud Server 5.x before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 Solution: Upgrade to ownCloud Server 5.0.18 or 6.0.6 or 7.0.3 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9046 Common Vulnerability Exposure (CVE) ID: CVE-2014-9043 Common Vulnerability Exposure (CVE) ID: CVE-2014-9042 Common Vulnerability Exposure (CVE) ID: CVE-2014-9041
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.