Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2016-9461
PUBLISHED
More InfoOfficial Page
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
View Known Exploited Vulnerability (KEV) details
Published At-28 Mar, 2017 | 02:46
Updated At-06 Aug, 2024 | 02:50
Rejected At-
▼CVE Numbering Authority (CNA)

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.

Affected Products
Vendor
n/a
Product
Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4
Versions
Affected
  • Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4
Problem Types
TypeCWE IDDescription
CWECWE-275Permission Issues (CWE-275)
Type: CWE
CWE ID: CWE-275
Description: Permission Issues (CWE-275)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://owncloud.org/security/advisory/?id=oc-sa-2016-014
x_refsource_MISC
https://nextcloud.com/security/advisory/?id=nc-sa-2016-004
x_refsource_MISC
http://www.securityfocus.com/bid/97276
vdb-entry
x_refsource_BID
https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47
x_refsource_MISC
https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9
x_refsource_MISC
https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e
x_refsource_MISC
https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547
x_refsource_MISC
https://hackerone.com/reports/145950
x_refsource_MISC
https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc
x_refsource_MISC
Hyperlink: https://owncloud.org/security/advisory/?id=oc-sa-2016-014
Resource:
x_refsource_MISC
Hyperlink: https://nextcloud.com/security/advisory/?id=nc-sa-2016-004
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/97276
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47
Resource:
x_refsource_MISC
Hyperlink: https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9
Resource:
x_refsource_MISC
Hyperlink: https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e
Resource:
x_refsource_MISC
Hyperlink: https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547
Resource:
x_refsource_MISC
Hyperlink: https://hackerone.com/reports/145950
Resource:
x_refsource_MISC
Hyperlink: https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://owncloud.org/security/advisory/?id=oc-sa-2016-014
x_refsource_MISC
x_transferred
https://nextcloud.com/security/advisory/?id=nc-sa-2016-004
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/97276
vdb-entry
x_refsource_BID
x_transferred
https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47
x_refsource_MISC
x_transferred
https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9
x_refsource_MISC
x_transferred
https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e
x_refsource_MISC
x_transferred
https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547
x_refsource_MISC
x_transferred
https://hackerone.com/reports/145950
x_refsource_MISC
x_transferred
https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc
x_refsource_MISC
x_transferred
Hyperlink: https://owncloud.org/security/advisory/?id=oc-sa-2016-014
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://nextcloud.com/security/advisory/?id=nc-sa-2016-004
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97276
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://hackerone.com/reports/145950
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc
Resource:
x_refsource_MISC
x_transferred
Details not found