Content Spoofing Vulnerability in Nextcloud and ownCloud Server

Content Spoofing Vulnerability in Nextcloud and ownCloud Server

CVE-2016-9468 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

Learn more about our Cis Benchmark Audit For Server Software.