Vulnerability CVE-2014-2044
Published: 2014-10-06   Modified: 2014-10-07

Description:
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.

See advisories in our WLB2 database:
Topic
Author
Date
High
ownCloud 4.0.x / 4.5.x Remote Code Execution
Alejo Murillo Mo...
07.03.2014
High
ownCloud 4.0.x & 4.5.x Remote Code Execution
Alejo Murillo Mo...
10.03.2014

Type:

CWE-94

 (Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Owncloud -> Owncloud 

 References:
http://packetstormsecurity.com/files/125585/ownCloud-4.0.x-4.5.x-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2014/Mar/45
http://www.exploit-db.com/exploits/32162
http://www.securityfocus.com/archive/1/531365/100/0/threaded
http://www.securityfocus.com/bid/66000
https://exchange.xforce.ibmcloud.com/vulnerabilities/91757
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2044/
Copyright 2024, cxsecurity.com

 

Back to Top