CVE-2016-9468
Published 2017-03-28
Priority: P427, medium, 5.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 2.08% (79.1th percentile)
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | nextcloud_server | < 9.0.54 | 9.0.54 |
| nextcloud | nextcloud_server | 10.0.0 – 10.0.1 | — |
| owncloud | owncloud | >= 9.0.0 < 9.0.6 | 9.0.6 |
| owncloud | owncloud | >= 9.1.0 < 9.1.2 | 9.1.2 |
CVSS provenance
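| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |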
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f
https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e
https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e
https://github.com/owncloud/core/commit/bcc6c39ad8c22a00323a114e9c1a0a834983fb35
https://hackerone.com/reports/149798
https://nextcloud.com/security/advisory/?id=nc-sa-2016-011
https://owncloud.org/security/advisory/?id=oc-sa-2016-021