Release date:
Updated on:
Affected Systems:
OwnCloud <= 4.5.5
OwnCloud <= 4.0.10
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57497
CVE (CAN) ID: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203, CVE-2013-0204
OwnCloud is a solution for source file synchronization and sharing.
Multiple security vulnerabilities exist in ownCloud implementation. After successful exploitation, attackers can execute arbitrary HTML and script code, steal cookie identity creden。, and execute arbitrary code on the server.
<* Source: Yuji Kosuga
Mathias Karlsson
Frans Ros & #195; & #169; n
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OwnCloud
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://owncloud.org/security/