Bypassing Quota Limitation in Nextcloud Server

Bypassing Quota Limitation in Nextcloud Server

CVE-2017-0887 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

Learn more about our Cis Benchmark Audit For Server Software.