CVE-2015-6500
Last modified
CVE-2015-6500 is a vulnerability of currently unknown severity. Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.. EPSS estimates a 2.63% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Owncloud | Owncloud Server | 7.0.0 |
| Owncloud | Owncloud Server | 7.0.1 |
| Owncloud | Owncloud Server | 7.0.2 |
| Owncloud | Owncloud Server | 7.0.3 |
| Owncloud | Owncloud Server | 7.0.4 |
| Owncloud | Owncloud Server | 7.0.5 |
| Owncloud | Owncloud Server | 7.0.6 |
| Owncloud | Owncloud Server | 7.0.7 |
| Owncloud | Owncloud Server | 8.0.0 |
| Owncloud | Owncloud Server | 8.0.2 |
| Owncloud | Owncloud Server | 8.0.3 |
| Owncloud | Owncloud Server | 8.0.4 |
| Owncloud | Owncloud Server | 8.0.5 |
| Owncloud | Owncloud Server | 8.1.0 |
References
- https://owncloud.org/security/advisory/?id=oc-sa-2015-014Vendor Advisory
- https://owncloud.org/security/advisory/?id=oc-sa-2015-014Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-6500?
How severe is CVE-2015-6500?
How do I fix CVE-2015-6500?
Are you affected by CVE-2015-6500?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST