CVE-2016-9467

 

  • Severity Score: 5.3 (CVSS v3)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: Low
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2016-11-19 CVE Reserved
  • 2017-03-28 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-09-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-284: Improper Access Control
  • CWE-451: User Interface (UI) Misrepresentation of Critical Information
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Nextcloud | Nextcloud Server | < 9.0.54 | - | Affected
Nextcloud | Nextcloud Server | >= 10.0.0 < 10.0.1 | - | Affected
Owncloud | Owncloud | >= 9.0.0 < 9.0.6 | - | Affected
Owncloud | Owncloud | >= 9.1.0 < 9.1.2 | - | Affected