Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5865)

Description

The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.

Remediation

References

Related Vulnerabilities

WordPress Plugin Filter & Grids Local File Inclusion (2.8.32)

MediaWiki Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4571)

WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)

WordPress Plugin AI ChatBot Cross-Site Scripting (4.9.6)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1606)

Severity

Low

Classification

CVE-2017-5865 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities