Vulnerability Description
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owncloud | Owncloud Desktop Client | <= 2.0.0 |
| Qt | Qt | 5.3.0 |
References
- https://owncloud.org/security/advisory/?id=oc-sa-2015-016 (Vendor Advisory)
FAQ
What is CVE-2015-7298?
CVE-2015-7298 is a vulnerability with a CVSS score of 5.1 (MEDIUM). ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote ...
How severe is CVE-2015-7298?
CVE-2015-7298 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-7298?
Check the references section above for vendor advisories and patch information. Affected products include: Owncloud Owncloud Desktop Client, Qt Qt.