CVE-2015-6500
ownCloud Server < 8.0.6 and 8.1.x < 8.1.1 - Authenticated Directory Traversal via dir Parameter
Title source: llmDescription
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3373
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-014
Scores
EPSS
0.0090
EPSS Percentile
76.0%
Details
CWE
CWE-22
CWE-399
Status
published
Products (14)
owncloud/owncloud_server
7.0.0
owncloud/owncloud_server
7.0.1
owncloud/owncloud_server
7.0.2
owncloud/owncloud_server
7.0.3
owncloud/owncloud_server
7.0.4
owncloud/owncloud_server
7.0.5
owncloud/owncloud_server
7.0.6
owncloud/owncloud_server
7.0.7
owncloud/owncloud_server
8.0.0
owncloud/owncloud_server
8.0.2
... and 4 more
Published
Oct 26, 2015
Tracked Since
Feb 18, 2026