CVE-2015-4716

Published: 21 October 2015

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.

Priority

Medium

Status

Package Release Status
owncloud
Launchpad, Ubuntu, Debian
Upstream
Released (7.0.6+dfsg-1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Ubuntu 12.04 ESM (Precise Pangolin) Not vulnerable

Notes

AuthorNote
mdeslaur owncloud packages in Ubuntu are now empty
sarnold advisory claims MS Windows but does not describe the mitigating factors on other platforms

References