CVE-2016-1499 — Sensitive Information Exposure in Owncloud

CWE-200 — Sensitive Information Exposure CWE-3996 documents4 sources

Severity

8.5HIGHNVD

EPSS

0.5%

top 33.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedJan 8

Latest updateMay 14

Description

ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:HExploitability: 3.1 | Impact: 4.7

Affected Packages2 packages

▶NVDowncloud/owncloud_server4 versions+3

▶NVDowncloud/owncloud8.0.9+2

🔴Vulnerability Details

GHSA

GHSA-r929-5x66-fmvp: ownCloud Server before 8↗2022-05-14

▶

CVEList

CVE-2016-1499: ownCloud Server before 8↗2016-01-08

▶

💬Community

Bugzilla

CVE-2016-1499 owncloud: information disclosure via directory listings↗2016-01-07

▶

Bugzilla

CVE-2016-1499 owncloud: owncloud [fedora-all]↗2016-01-07

▶

Bugzilla

CVE-2016-1499 owncloud: owncloud [epel-all]↗2016-01-07

▶