CVE-2013-1939

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ (backslash) character.

Published : 2014-03-14 16:55 Updated : 2018-12-06 20:37

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Owncloud Owncloud 4.0.9 cpe:/a:owncloud:owncloud:4.0.9
Owncloud Owncloud 4.5.4 cpe:/a:owncloud:owncloud:4.5.4
Fruux Sabredav 1.6.7 cpe:/a:fruux:sabredav:1.6.7
Fruux Sabredav 1.6.8 cpe:/a:fruux:sabredav:1.6.8
Fruux Sabredav 1.6.5 cpe:/a:fruux:sabredav:1.6.5
Fruux Sabredav 1.6.2 cpe:/a:fruux:sabredav:1.6.2
Fruux Sabredav 1.6.0 cpe:/a:fruux:sabredav:1.6.0
Owncloud Owncloud 4.5.7 cpe:/a:owncloud:owncloud:4.5.7
Owncloud Owncloud 4.5.8 cpe:/a:owncloud:owncloud:4.5.8
Owncloud Owncloud 4.0.13 cpe:/a:owncloud:owncloud:4.0.13
Owncloud Owncloud 4.5.5 cpe:/a:owncloud:owncloud:4.5.5
Fruux Sabredav 1.6.3 cpe:/a:fruux:sabredav:1.6.3
Owncloud Owncloud 4.5.6 cpe:/a:owncloud:owncloud:4.5.6
Fruux Sabredav 1.6.4 cpe:/a:fruux:sabredav:1.6.4
Owncloud Owncloud 4.0.8 cpe:/a:owncloud:owncloud:4.0.8
Owncloud Owncloud 4.0.11 cpe:/a:owncloud:owncloud:4.0.11
Owncloud Owncloud 4.5.3 cpe:/a:owncloud:owncloud:4.5.3
Fruux Sabredav 1.6.1 cpe:/a:fruux:sabredav:1.6.1
Owncloud Owncloud 4.0.12 cpe:/a:owncloud:owncloud:4.0.12
Owncloud Owncloud 4.0.10 cpe:/a:owncloud:owncloud:4.0.10
Owncloud Owncloud 4.0.1 cpe:/a:owncloud:owncloud:4.0.1
Owncloud Owncloud 4.0.6 cpe:/a:owncloud:owncloud:4.0.6
Owncloud Owncloud 4.5.1 cpe:/a:owncloud:owncloud:4.5.1
Owncloud Owncloud 4.0.7 cpe:/a:owncloud:owncloud:4.0.7
Owncloud Owncloud 4.5.2 cpe:/a:owncloud:owncloud:4.5.2
Owncloud Owncloud 4.0.4 cpe:/a:owncloud:owncloud:4.0.4
Owncloud Owncloud 4.0.5 cpe:/a:owncloud:owncloud:4.0.5
Owncloud Owncloud 4.5.0 cpe:/a:owncloud:owncloud:4.5.0
Owncloud Owncloud 4.0.2 cpe:/a:owncloud:owncloud:4.0.2
Owncloud Owncloud 4.0.3 cpe:/a:owncloud:owncloud:4.0.3
Owncloud Owncloud 4.0.0 cpe:/a:owncloud:owncloud:4.0.0
Owncloud Owncloud 5.0.0 cpe:/a:owncloud:owncloud:5.0.0
Fruux Sabredav 1.6.6 cpe:/a:fruux:sabredav:1.6.6
Owncloud Owncloud 5.0.3 cpe:/a:owncloud:owncloud:5.0.3
Owncloud Owncloud 5.0.2 cpe:/a:owncloud:owncloud:5.0.2
Owncloud Owncloud 5.0.1 cpe:/a:owncloud:owncloud:5.0.1
  1. Owncloud (1) Search CVE
    1. Owncloud (27) Search CVE
      1. 4.0.9
      2. 4.5.4
      3. 4.5.7
      4. 4.5.8
      5. 4.0.13
      6. 4.5.5
      7. 4.5.6
      8. 4.0.8
      9. 4.0.11
      10. 4.5.3
      11. 4.0.12
      12. 4.0.10
      13. 4.0.1
      14. 4.0.6
      15. 4.5.1
      16. 4.0.7
      17. 4.5.2
      18. 4.0.4
      19. 4.0.5
      20. 4.5.0
      21. 4.0.2
      22. 4.0.3
      23. 4.0.0
      24. 5.0.0
      25. 5.0.3
      26. 5.0.2
      27. 5.0.1
  2. Fruux (1) Search CVE
    1. Sabredav (9) Search CVE
      1. 1.6.7
      2. 1.6.8
      3. 1.6.5
      4. 1.6.2
      5. 1.6.0
      6. 1.6.3
      7. 1.6.4
      8. 1.6.1
      9. 1.6.6

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2018-12-06 20:37
2018-08-13 21:47
2014-03-14 16:55

New CVE