Vulnerability Description
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owncloud | Owncloud | < 6.0.8 |
| Owncloud | Owncloud Server | >= 7.0.0, < 7.0.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/76158 (Third Party Advisory, VDB Entry)
- https://github.com/owncloud/core/commit/bf0f1a50926a75a26a42a3da4d62e84a489ee77a (Patch, Third Party Advisory)
- https://owncloud.org/security/advisories/mounted-dropbox-storage-allows-dropbox- (Vendor Advisory)
- https://owncloud.org/security/advisory/?id=oc-sa-2015-005 (Vendor Advisory)
FAQ
What is CVE-2015-4715?
CVE-2015-4715 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote ad...
How severe is CVE-2015-4715?
CVE-2015-4715 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4715?
Check the references section above for vendor advisories and patch information. Affected products include: Owncloud Owncloud, Owncloud Owncloud Server.