CVE-2013-1939
Published 2014-03-14
CVE-2013-1939: The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly…
Priority: P4 · 27 · medium · 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.78% (75.5th percentile)
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php-sabredav | — | — |
| fruux | sabredav | >= 1.6.0 < 1.6.9 | 1.6.9 |
| fruux | sabredav | >= 1.7.0 < 1.7.7 | 1.7.7 |
| fruux | sabredav | >= 1.8.0 < 1.8.5 | 1.8.5 |
| owncloud | owncloud_server | >= 4.0.0 < 4.0.14 | 4.0.14 |
| owncloud | owncloud_server | >= 4.5.0 < 4.5.9 | 4.5.9 |
| owncloud | owncloud_server | >= 5.0.0 < 5.0.4 | 5.0.4 |
| sabre | dav | >= 1.6.0 < 1.6.9 | 1.6.9 |
| sabre | dav | >= 1.7.0 < 1.7.7 | 1.7.7 |
| sabre | dav | >= 1.8.0 < 1.8.5 | 1.8.5 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_debian | — | 5.0 | LOW | — |
GHSA
SabreDAV Directory Traversal vulnerability
ghsa · 2022-05-14 · MEDIUM · CWE-20
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a `\` (backslash) character.
OSV
SabreDAV Directory Traversal vulnerability
osv · 2022-05-14 · MEDIUM
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a `\` (backslash) character.
Debian
CVE-2013-1939: php-sabredav
vendor_debian · 2013 · CVSS 5.0 · MEDIUM
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.
Scope: local
bookworm: resolved
bullseye: resolved
sid: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1939 php-sabredav-Sabre_DAV: Local file exposure due to improper icons / images path checking in the HTML Browser plug-in
bugzilla · 2013-04-12 · CVSS 5.0 · MEDIUM
A local file exposure flaw was found in the way the HTML browser plug-in of SabreDAV, a WebDAV framework for the PHP language, processed certain file system paths for icon and image files on certain platforms. A remote attacker could provide a specially-crafted icon / image file location that, when processed by an application using the SabreDAV framework, would allow them to (remotely) obtain arbitrary system files, accessible with the privileges of that SabreDAV application.
References:
[1] https://groups.google.com/forum/?fromgroups=#!topic/sabredav-discuss/ehOUu7wTSGQ
[2] http://www.openwall.com/lists/oss-security/2013/04/11/3
Relevant upstream patch (seems to be
Bugzilla
CVE-2013-1939 php-sabredav-Sabre_DAV: Local file exposure due to improper icons / images path checking in the HTML\Browser plug-in [fedora-all]
bugzilla · 2013-04-12 · CVSS 5.0 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bugzilla
CVE-2013-1939 php-sabredav-Sabre_DAV: Local file exposure due to improper icons / images path checking in the HTML\Browser plug-in [epel-6]
bugzilla · 2013-04-12 · CVSS 5.0 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and th