cnvd - cnvd-2017-05378

cnvd-2017-05378

Vulnerability from cnvd

Title: Nextcloud Server和ownCloud Server跨站脚本漏洞

Description:

ownCloud是德国ownCloud公司的一套免费且开源的个人云存储解决方案。Nextcloud是一套开源的自托管文件同步和共享的通信应用平台。ownCloud Server和Nextcloud Server都是其中的一个服务器版。

Nextcloud Server 9.0.52之前的版本和ownCloud Server 9.0.4之前的版本中存在跨站脚本漏洞。攻击者可利用该漏洞注入任意Web的脚本或HTML。

Severity: 中

Patch Name: Nextcloud Server和ownCloud Server跨站脚本漏洞的补丁

Patch Description:

Nextcloud Server 9.0.52之前的版本和ownCloud Server 9.0.4之前的版本中存在跨站脚本漏洞。攻击者可利用该漏洞注入任意Web的脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://nextcloud.com/security/advisory/?id=nc-sa-2016-002

Reference: https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070 https://nvd.nist.gov/vuln/detail/CVE-2016-9459

Impacted products

Name
['OwnCloud ownCloud Server <9.0.4', 'Nextcloud Nextcloud <9.0.52']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97284"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9459",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9459"
    }
  },
  "description": "ownCloud\u662f\u5fb7\u56fdownCloud\u516c\u53f8\u7684\u4e00\u5957\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u4e2a\u4eba\u4e91\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002Nextcloud\u662f\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002ownCloud Server\u548cNextcloud Server\u90fd\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u670d\u52a1\u5668\u7248\u3002\r\n\r\nNextcloud Server 9.0.52\u4e4b\u524d\u7684\u7248\u672c\u548cownCloud Server 9.0.4\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u7684\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Alejo Popovici",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://nextcloud.com/security/advisory/?id=nc-sa-2016-002",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05378",
  "openTime": "2017-04-26",
  "patchDescription": "ownCloud\u662f\u5fb7\u56fdownCloud\u516c\u53f8\u7684\u4e00\u5957\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u4e2a\u4eba\u4e91\u5b58\u50a8\u89e3\u51b3\u65b9\u6848\u3002Nextcloud\u662f\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002ownCloud Server\u548cNextcloud Server\u90fd\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u670d\u52a1\u5668\u7248\u3002\r\n\r\nNextcloud Server 9.0.52\u4e4b\u524d\u7684\u7248\u672c\u548cownCloud Server 9.0.4\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u7684\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Nextcloud Server\u548cownCloud Server\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "OwnCloud ownCloud Server \u003c9.0.4",
      "Nextcloud Nextcloud \u003c9.0.52"
    ]
  },
  "referenceLink": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9459",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-30",
  "title": "Nextcloud Server\u548cownCloud Server\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2016-9459 (GCVE-0-2016-9459)

Vulnerability from cvelistv5

Published

2017-03-28 02:46

Modified

2024-08-06 02:50

Severity ?

CWE

CWE-209 - Cross-Site Scripting Using MIME Type Mismatch ()

Summary

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.

References

▼	URL	Tags
	https://owncloud.org/security/advisory?id=oc-sa-2016-012	x_refsource_MISC
	https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1	x_refsource_MISC
	https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335	x_refsource_MISC
	https://hackerone.com/reports/146278	x_refsource_MISC
	https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc	x_refsource_MISC
	https://nextcloud.com/security/advisory/?id=nc-sa-2016-002	x_refsource_MISC
	https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070	x_refsource_MISC
	http://www.securityfocus.com/bid/97284	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4	Version: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://owncloud.org/security/advisory?id=oc-sa-2016-012"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/146278"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070"
          },
          {
            "name": "97284",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97284"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "Cross-Site Scripting Using MIME Type Mismatch (CWE-209)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-03T09:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owncloud.org/security/advisory?id=oc-sa-2016-012"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/146278"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070"
        },
        {
          "name": "97284",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97284"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2016-9459",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Nextcloud Server \u0026 ownCloud Server Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nextcloud Server before 9.0.52 \u0026 ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting Using MIME Type Mismatch (CWE-209)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://owncloud.org/security/advisory?id=oc-sa-2016-012",
              "refsource": "MISC",
              "url": "https://owncloud.org/security/advisory?id=oc-sa-2016-012"
            },
            {
              "name": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1"
            },
            {
              "name": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335"
            },
            {
              "name": "https://hackerone.com/reports/146278",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/146278"
            },
            {
              "name": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc",
              "refsource": "MISC",
              "url": "https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc"
            },
            {
              "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002",
              "refsource": "MISC",
              "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-002"
            },
            {
              "name": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070"
            },
            {
              "name": "97284",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97284"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2016-9459",
    "datePublished": "2017-03-28T02:46:00",
    "dateReserved": "2016-11-19T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted