CVE-2015-3013

ownCloud Server <5.0.19,6.x<6.0.7,7.x<7.0.5 - Auth Bypass

Title source: llm
STIX 2.1

Description

ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.

References (4)

Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-003
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74451
Patch, Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-004
Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3244

Scores

EPSS 0.0013
EPSS Percentile 32.1%

Details

CWE
CWE-74
Status published
Products (1)
owncloud/owncloud_server 5.0.0 - 5.0.19
Published May 08, 2015
Tracked Since Feb 18, 2026