cbcvebase.
CVE-2015-6500
published 2015-10-26

CVE-2015-6500: Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and…

PriorityP337high7.5CVSS 2.0
AVNACLAuSCPINAC
EPSS
2.63%
83.6th percentile
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.

Affected

14 ranges
VendorProductVersion rangeFixed in
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server
owncloudowncloud_server

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:S/C:P/I:N/A:C
vendor_cisco6.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.