Description

The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.

Remediation

References

CVE-2014-9049

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2004-0956)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13643)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2404)

WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-4029)

MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-42040)

Severity

Medium

Classification

CVE-2014-9049 CWE-200

Tags

Missing Update Known Vulnerabilities