CVE-2012-4392

Publication date 5 September 2012

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

Read the notes from the security team

Status

Package Ubuntu Release Status
owncloud 15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

Notes

mdeslaur

owncloud packages in Ubuntu are now empty

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
owncloud

References

Other references

Access our resources on patching vulnerabilities