CVE-2016-9468

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-9468

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9468.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9468

Published

2017-03-28T02:59:01.200Z

Modified

2026-02-05T10:23:21.309764Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Fixed

36750094f8b1a2f3bb24ac46348a639fc6197f9c

Introduced

b642b26f7229c99b33e49cde86b38fdc6e8e5f21

Fixed

d47c589b0429eafa5add3a9ffc1c89f8ecccf9cc

Introduced

81f694d83e8246d9b6482b773c8bdca675c51828

Fixed

eac87d3dd56303575746cfae6382d609bd51ff6e

Affected versions

v9.*

v9.0.0

v9.0.1

v9.0.1RC1

v9.0.1RC2

v9.0.1beta

v9.0.2

v9.0.2RC1

v9.0.2RC2

v9.0.3

v9.0.3RC1

v9.0.50

v9.0.51

v9.0.52

v9.0.52RC1

v9.0.54RC1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9468.json"