CVE-2014-2047

ownCloud <6.0.2 - Info Disclosure

Title source: llm

Description

Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.

References (1)

[Patch, Vendor Advisory] http://owncloud.org/about/security/advisories/oC-SA-2014-001/

Scores

EPSS 0.0037

EPSS Percentile 58.1%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

owncloud/owncloud < 6.0.1

owncloud/owncloud_server

Timeline

Published Mar 14, 2014

Tracked Since Feb 18, 2026