CVE-2016-9468

Summary

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2affected

Weaknesses

  • CWE-451: User Interface (UI) Misrepresentation of Critical Information (CWE-451)

ADP Enrichment

CVE Program Container

Additional References

References