CVE-2016-9459

Severity Score

6.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.

Nextcloud Server en versiones anteriores a 9.0.52 & ownCloud Server en versiones anteriores a 9.0.4 son vulnerables a una vulnerabilidad de contaminación de registro que potencialmente conduce a una XSS local. La funcionalidad de registro de descarga en la pantalla de administración proporciona el registro en formato JSON al usuario final. El archivo se entregó con una disposición de adjuntos forzando al navegador a descargar el documento. Sin embargo, Firefox que funciona en Microsoft Windows ofrecería al usuario abrir los datos en el navegador como documento HTML. Así, cualquier dato inyectado en el registro sería ejecutado.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-11-19 CVE Reserved
2017-03-28 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-209: Generation of Error Message Containing Sensitive Information

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/97284	Third Party Advisory

URL	Date	SRC
https://hackerone.com/reports/146278	2024-08-06

URL	Date	SRC
https://github.com/nextcloud/server/commit/94975af6db1551c2d23136c2ea22866a5b416070	2019-10-09
https://github.com/owncloud/core/commit/044ee072a647636b1a17c89265c7233b35371335	2019-10-09
https://github.com/owncloud/core/commit/b7fa2c5dc945b40bc6ed0a9a0e47c282ebf043e1	2019-10-09
https://github.com/owncloud/core/commit/efa35d621dc7ff975468e636a5d1c153511296dc	2019-10-09
https://nextcloud.com/security/advisory/?id=nc-sa-2016-002	2019-10-09
https://owncloud.org/security/advisory?id=oc-sa-2016-012	2019-10-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nextcloud Search vendor "Nextcloud"		Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server"				< 9.0.52 Search vendor "Nextcloud" for product "Nextcloud Server" and version " < 9.0.52"		-		Affected
Owncloud Search vendor "Owncloud"		Owncloud Search vendor "Owncloud" for product "Owncloud"				< 9.0.4 Search vendor "Owncloud" for product "Owncloud" and version " < 9.0.4"		-		Affected