CVE-2016-9461 - Vulnerability Details - OpenCVE

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Nextcloud Server
Owncloud	Owncloud

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:owncloud:owncloud::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/97276
https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc
https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547
https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e
https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47
https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9
https://hackerone.com/reports/145950
https://nextcloud.com/security/advisory/?id=nc-sa-2016-004
https://owncloud.org/security/advisory/?id=oc-sa-2016-014

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2017-03-28T02:46:00

Updated: 2024-08-06T02:50:38.345Z

Reserved: 2016-11-19T00:00:00

Link: CVE-2016-9461

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-03-28T02:59:00.840

Modified: 2024-11-21T03:01:15.790

Link: CVE-2016-9461

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4", "vendor": "n/a", "versions": [{"status": "affected", "version": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-275", "description": "Permission Issues (CWE-275)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-04-03T09:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"}, {"tags": ["x_refsource_MISC"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"}, {"name": "97276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97276"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/145950"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2016-9461", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4", "version": {"version_data": [{"version_value": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Permission Issues (CWE-275)"}]}]}, "references": {"reference_data": [{"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014", "refsource": "MISC", "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"}, {"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004", "refsource": "MISC", "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"}, {"name": "97276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97276"}, {"name": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"}, {"name": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"}, {"name": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"}, {"name": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"}, {"name": "https://hackerone.com/reports/145950", "refsource": "MISC", "url": "https://hackerone.com/reports/145950"}, {"name": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc", "refsource": "MISC", "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:38.345Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"}, {"name": "97276", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97276"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/145950"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2016-9461", "datePublished": "2017-03-28T02:46:00", "dateReserved": "2016-11-19T00:00:00", "dateUpdated": "2024-08-06T02:50:38.345Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC479D9A-DAEB-42B6-98D7-0A417B34359D", "versionEndExcluding": "9.0.52", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FAD2663-CE0E-4AB0-90C5-D47124458AAC", "versionEndExcluding": "9.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."}, {"lang": "es", "value": "Nextcloud Server en versiones anteriores a 9.0.52 & ownCloud Server en versiones anteriores a 9.0.4 no est\u00e1n verificando correctamente los permisos de comprobaci\u00f3n de edici\u00f3n en las acciones de copia de WebDAV. El punto final WebDAV no comprueba correctamente el permiso en una acci\u00f3n WebDAV COPY. Esto permiti\u00f3 a un atacante autenticado con acceso a un recurso compartido de solo lectura para poner all\u00ed nuevos archivos. No fue posible modificar los archivos existentes."}], "id": "CVE-2016-9461", "lastModified": "2024-11-21T03:01:15.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-28T02:59:00.840", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97276"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/145950"}, {"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"}, {"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/145950"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-275"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}