CVE-2016-9461 - OpenCVE

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Owncloud	Owncloud
Nextcloud	Nextcloud Server

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:owncloud:owncloud::::::::

References

Link	Resource
http://www.securityfocus.com/bid/97276	Third Party Advisory VDB Entry
https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc	Issue Tracking Patch Third Party Advisory
https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547	Issue Tracking Patch Third Party Advisory
https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e	Issue Tracking Patch Third Party Advisory
https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47	Issue Tracking Patch Third Party Advisory
https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9	Issue Tracking Patch Third Party Advisory
https://hackerone.com/reports/145950	Exploit Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2016-004	Patch Vendor Advisory
https://owncloud.org/security/advisory/?id=oc-sa-2016-014	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2017-03-28T02:46:00

Updated: 2017-04-03T09:57:01

Reserved: 2016-11-19T00:00:00

Link: CVE-2016-9461

JSON object: View

NVD Information

Status : Modified

Published: 2017-03-28T02:59:00.840

Modified: 2019-10-09T23:20:28.727

Link: CVE-2016-9461

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4", "vendor": "n/a", "versions": [{"status": "affected", "version": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-275", "description": "Permission Issues (CWE-275)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-04-03T09:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"}, {"tags": ["x_refsource_MISC"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"}, {"name": "97276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97276"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/145950"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2016-9461", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4", "version": {"version_data": [{"version_value": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Permission Issues (CWE-275)"}]}]}, "references": {"reference_data": [{"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014", "refsource": "MISC", "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"}, {"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004", "refsource": "MISC", "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"}, {"name": "97276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97276"}, {"name": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"}, {"name": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"}, {"name": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"}, {"name": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"}, {"name": "https://hackerone.com/reports/145950", "refsource": "MISC", "url": "https://hackerone.com/reports/145950"}, {"name": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc", "refsource": "MISC", "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2016-9461", "datePublished": "2017-03-28T02:46:00", "dateReserved": "2016-11-19T00:00:00", "dateUpdated": "2017-04-03T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC479D9A-DAEB-42B6-98D7-0A417B34359D", "versionEndExcluding": "9.0.52", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FAD2663-CE0E-4AB0-90C5-D47124458AAC", "versionEndExcluding": "9.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files."}, {"lang": "es", "value": "Nextcloud Server en versiones anteriores a 9.0.52 & ownCloud Server en versiones anteriores a 9.0.4 no est\u00e1n verificando correctamente los permisos de comprobaci\u00f3n de edici\u00f3n en las acciones de copia de WebDAV. El punto final WebDAV no comprueba correctamente el permiso en una acci\u00f3n WebDAV COPY. Esto permiti\u00f3 a un atacante autenticado con acceso a un recurso compartido de solo lectura para poner all\u00ed nuevos archivos. No fue posible modificar los archivos existentes."}], "id": "CVE-2016-9461", "lastModified": "2019-10-09T23:20:28.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-28T02:59:00.840", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97276"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120cc"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36e"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/145950"}, {"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-004"}, {"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-014"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-275"}], "source": "support@hackerone.com", "type": "Secondary"}]}