Mageia Linux Local Check: mgasa-2016-0040

Published: 2016-02-02 05:44:19
CVE Author: NIST National Vulnerability Database (NVD)

Technical Details:
A cross-site scripting (XSS) vulnerability in the OCS discovery provider in ownCloud Server before 8.0.10 allows remote attackers to inject arbitrary web script or HTML via the URL, resulting in reflected XSS (CVE-2016-1498).

ownCloud Server before 8.0.10 allows remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php (CVE-2016-1499).

ownCloud Server before 8.0.10, when the file_versions application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read files with names starting with .v and belonging to a sharing user by leveraging an incoming share (CVE-2016-1500).

Recommendations:
Update the affected Linux Distribution Packages to the latest available version.

Solution Type:
Vendor Patch

CVSS Base Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:C

Detection Type:
Linux Distribution Package

Summary:
Mageia Linux Local Security Checks mgasa-2016-0040

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2016-1498
https://nvd.nist.gov/vuln/detail/CVE-2016-1499
https://nvd.nist.gov/vuln/detail/CVE-2016-1500

References:

https://advisories.mageia.org/MGASA-2016-0040.html

Severity:
High

CVSS Score:
7.5
