CVE-2016-9461: CVE-2016-9461

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-9461

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

Permission Issues

Source: NVD (National Vulnerability Database)

Vulnerability Title

Nextcloud Server和ownCloud Server 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ownCloud是德国ownCloud公司的一套免费且开源的个人云存储解决方案。Nextcloud是一套开源的自托管文件同步和共享的通信应用平台。ownCloud Server和Nextcloud Server都是其中的一个服务器版。 Nextcloud Server 9.0.52之前的版本和ownCloud Server 9.0.4之前的版本中存在安全漏洞，该漏洞源于程序没有正确检查权限。攻击者可利用该漏洞放入新文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4	Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4	-

II. Public POCs for CVE-2016-9461

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-9461

Please Login to view more intelligence information

https://hackerone.com/reports/145950x_refsource_MISC
https://owncloud.org/security/advisory/?id=oc-sa-2016-014x_refsource_MISC
https://github.com/nextcloud/server/commit/3491400261c1454a9a30d3ec96969573330120ccx_refsource_MISC
https://github.com/owncloud/core/commit/0622e635d97cb17c5e1363e370bb8268cc3d2547x_refsource_MISC
https://github.com/owncloud/core/commit/c0a4b7b3f38ad2eaf506484b3b92ec678cb021c9x_refsource_MISC
https://github.com/owncloud/core/commit/acbbadb71ceee7f01da347f7dcd519beda78cc47x_refsource_MISC
https://github.com/owncloud/core/commit/121a3304a0c37ccda0e1b63ddc528cba9121a36ex_refsource_MISC
https://nextcloud.com/security/advisory/?id=nc-sa-2016-004x_refsource_MISC
http://www.securityfocus.com/bid/97276vdb-entryx_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2016-9461

New Vulnerabilities

Product: Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4

Vendor: n/a

Same weakness: CWE-275

V. Comments for CVE-2016-9461

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2016-9461

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-9461

III. Intelligence Information for CVE-2016-9461

New Vulnerabilities

V. Comments for CVE-2016-9461

Leave a comment