Description

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

Remediation

References

CVE-2016-9468

Related Vulnerabilities

MySQL CVE-2017-3636 Vulnerability (CVE-2017-3636)

GlassFish CVE-2017-10393 Vulnerability (CVE-2017-10393)

PHP Out-of-bounds Read Vulnerability (CVE-2017-11147)

WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4)

Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971)

Severity

Medium

Classification

CVE-2016-9468 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities