CVE-2017-0887

Опубликовано: 05 апр. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the OC-Total-Length HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

Ссылки

https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken Link
Patch
Vendor Advisory
https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken Link
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия до 9.0.55 (исключая)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия от 10.0.0 (включая) до 10.0.2 (исключая)

EPSS

Процентиль: 60%

0.00401

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-807

CWE-20

Связанные уязвимости

CVE-2017-0887

CVSS3: 4.3

debian

около 8 лет назад

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...

GHSA-fxf7-m32w-qh93

CVSS3: 4.3

github

около 3 лет назад

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

EPSS

Процентиль: 60%

0.00401

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-807

CWE-20