ID CVE-2015-7298
Summary ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
Vulnerable Configurations
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud_desktop_client:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 28-10-2015 - 11:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
confirm https://owncloud.org/security/advisory/?id=oc-sa-2015-016
Last major update 28-10-2015 - 11:39
Published 26-10-2015 - 14:59
Last modified 28-10-2015 - 11:39