CVE-2015-6500 — Path Traversal in Server

CWE-22 — Path Traversal CWE-3998 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Server

Timeline

PublishedOct 26

Latest updateMay 17

Description

Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.

CVSS vector

AV:N/AC:L/C:P/I:N/A:CExploitability: 8.0 | Impact: 7.8

Affected Packages1 packages

▶NVDowncloud/owncloud_server14 versions+13

🔴Vulnerability Details

GHSA

GHSA-pmhq-22rw-g7qj: Directory traversal vulnerability in ownCloud Server before 8↗2022-05-17

▶

CVEList

CVE-2015-6500: Directory traversal vulnerability in ownCloud Server before 8↗2015-10-26

▶

📋Vendor Advisories

Cisco

Cisco Catalyst 6500 Series Switches IPsec Tunnel Handling Denial of Service Vulnerability↗2015-06-08

▶

💬Community

Bugzilla

CVE-2015-6500 owncloud: Information Exposure Through Directory Listing in the file scanner [epel-7]↗2015-09-18

▶

Bugzilla

CVE-2015-6500 owncloud: Information Exposure Through Directory Listing in the file scanner↗2015-09-18

▶

Bugzilla

CVE-2015-6500 owncloud: Information Exposure Through Directory Listing in the file scanner [fedora-all]↗2015-09-18

▶

Bugzilla

CVE-2015-6500 owncloud: Information Exposure Through Directory Listing in the file scanner [epel-6]↗2015-09-18

▶