CVE-2017-0887

Summary

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the OC-Total-Length HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

Affected Software

VendorProductVersion RangeStatus
NextcloudNextcloud ServerAll versions before 9.0.55 and 10.0.2affected

Weaknesses

  • CWE-807: Reliance on Untrusted Inputs in a Security Decision (CWE-807)

ADP Enrichment

CVE Program Container

Additional References

References