CVE-2014-2055

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-2055
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://owncloud.org/about/security/advisories/oC-SA-2014-006/ Vendor Advisory
https://github.com/fruux/sabre-dav/releases/tag/1.7.11
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:6.0.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:*:a:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud:5.0.14:*:*:*:*:*:*:*
History

No history.

Information

Published : 2014-06-04 14:55

Updated : 2014-06-04 18:38

NVD link : CVE-2014-2055

Mitre link : CVE-2014-2055

CVE.ORG link : CVE-2014-2055

JSON object : View

Products Affected

fruux

  • sabredav

owncloud

  • owncloud
CWE
NVD-CWE-Other