Detections
Analytics

FreeBSD : owncloud -- Multiple security vulnerabilities (d7a43ee6-d2d5-11e2-9894-002590082ac6)

medium Nessus Plugin ID 66875

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The ownCloud development team reports :

oC-SA-2013-019 / CVE-2013-2045: Multiple SQL Injections. Credit to Mateusz Goik (aliantsoft.pl).

oC-SA-2013-020 / CVE-2013-[2039,2085]: Multiple directory traversals.
Credit to Mateusz Goik (aliantsoft.pl).

oC-SQ-2013-021 / CVE-2013-[2040-2042]: Multiple XSS vulnerabilities.
Credit to Mateusz Goik (aliantsoft.pl) and Kacper R.
(http://devilteam.pl).

oC-SA-2013-022 / CVE-2013-2044: Open redirector. Credit to Mateusz Goik (aliantsoft.pl).

oC-SA-2013-023 / CVE-2013-2047: Password autocompletion.

oC-SA-2013-024 / CVE-2013-2043: Privilege escalation in the calendar application. Credit to Mateusz Goik (aliantsoft.pl).

oC-SA-2013-025 / CVE-2013-2048: Privilege escalation and CSRF in the API.

oC-SA-2013-026 / CVE-2013-2089: Incomplete blacklist vulnerability.

oC-SA-2013-027 / CVE-2013-2086: CSRF token leakage.

oC-SA-2013-028 / CVE-2013-[2149-2150]: Multiple XSS vulnerabilities.

Solution

Update the affected package.

See Also

https://owncloud.org/security/advisories/

http://www.nessus.org/u?786ee787

Plugin Details

Severity: Medium

ID: 66875

File Name: freebsd_pkg_d7a43ee6d2d511e29894002590082ac6.nasl

Version: 1.8

Type: local

Published: 6/12/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:owncloud, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/11/2013

Vulnerability Publication Date: 5/14/2013

Reference Information

CVE: CVE-2013-2039, CVE-2013-2040, CVE-2013-2041, CVE-2013-2042, CVE-2013-2043, CVE-2013-2044, CVE-2013-2045, CVE-2013-2047, CVE-2013-2048, CVE-2013-2085, CVE-2013-2086, CVE-2013-2089, CVE-2013-2149, CVE-2013-2150