CVE-2016-9461

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/97276	Third Party Advisory VDB Entry
https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc	Issue Tracking Patch Third Party Advisory
https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547	Issue Tracking Patch Third Party Advisory
https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e	Issue Tracking Patch Third Party Advisory
https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47	Issue Tracking Patch Third Party Advisory
https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9	Issue Tracking Patch Third Party Advisory
https://hackerone.com/reports/145950	Exploit Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2016-004	Patch Vendor Advisory
https://owncloud.org/security/advisory/?id=oc-sa-2016-014	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:owncloud:owncloud::::::::

History

No history.

Information

Published : 2017-03-28 02:59

Updated : 2019-10-09 23:20

NVD link : CVE-2016-9461

Mitre link : CVE-2016-9461

CVE.ORG link : CVE-2016-9461

JSON object : View

Products Affected

owncloud

owncloud

nextcloud

nextcloud_server

CWE

CWE-284

Improper Access Control

CWE-275

Permission Issues

{"id": "CVE-2016-9461", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2017-03-28T02:59:00.840", "references": [{"url": "http://www.securityfocus.com/bid/97276", "tags": ["Third Party Advisory", "VDB Entry"], "source": "support@hackerone.com"}, {"url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/145950", "tags": ["Exploit", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004", "tags": ["Patch", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014", "tags": ["Patch", "Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-275"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."}, {"lang": "es", "value": "Nextcloud Server en versiones anteriores a 9.0.52 & ownCloud Server en versiones anteriores a 9.0.4 no est\u00e1n verificando correctamente los permisos de comprobaci\u00f3n de edici\u00f3n en las acciones de copia de WebDAV. El punto final WebDAV no comprueba correctamente el permiso en una acci\u00f3n WebDAV COPY. Esto permiti\u00f3 a un atacante autenticado con acceso a un recurso compartido de solo lectura para poner all\u00ed nuevos archivos. No fue posible modificar los archivos existentes."}], "lastModified": "2019-10-09T23:20:28.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC479D9A-DAEB-42B6-98D7-0A417B34359D", "versionEndExcluding": "9.0.52"}, {"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FAD2663-CE0E-4AB0-90C5-D47124458AAC", "versionEndExcluding": "9.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2016-9461

4.3^/10

4.0^/10

Attach tags to `CVE-2016-9461`