5.8

CVE-2012-2270

Exploit
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OwncloudOwncloud Version <= 3.0.2
OwncloudOwncloud Server Version3.0.0
OwncloudOwncloud Server Version3.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.08% 0.925
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html
http://secunia.com/advisories/48850
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/08/11/1
http://www.openwall.com/lists/oss-security/2012/09/02/2
http://www.securityfocus.com/bid/53145
http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt
Exploit
http://osvdb.org/81211
http://owncloud.org/security/advisories/CVE-2012-2270/
http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/75029