CVE-2017-0887
N/A
N/A
Summary
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the OC-Total-Length HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nextcloud | Nextcloud Server | All versions before 9.0.55 and 10.0.2 | affected |
Weaknesses
- CWE-807: Reliance on Untrusted Inputs in a Security Decision (CWE-807)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.