CVE-2016-9468

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9468
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9468.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9468
Published
2017-03-28T02:59:01.200Z
Modified
2026-04-10T03:54:15.640443Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
36750094f8b1a2f3bb24ac46348a639fc6197f9c
Introduced
43ce8b13c1422ed82f42886b5918159f05b36967
Last affected
12ec1d1e3e5d90140e2afaca8afc3727dadeca1a
Introduced
81f694d83e8246d9b6482b773c8bdca675c51828
Fixed
eac87d3dd56303575746cfae6382d609bd51ff6e
Introduced
b642b26f7229c99b33e49cde86b38fdc6e8e5f21
Fixed
d47c589b0429eafa5add3a9ffc1c89f8ecccf9cc
Fixed
7350e13113c8ed484727a5c25331ec11d4d59f5f
Fixed
a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.0.54"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.0.1"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.0.6"
        },
        {
            "introduced": "9.1.0"
        },
        {
            "fixed": "9.1.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/owncloud/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
96b8afe48570bc70088ccd8f897e9d71997d336e
Fixed
bcc6c39ad8c22a00323a114e9c1a0a834983fb35

Affected versions

v1.*
v1.0.0beta1
v10.*
v10.0.0
v10.0.1
v10.0.1RC1
v3.*
v3.0
v4.*
v4.0.0
v4.0.0RC
v4.0.0RC2
v4.0.0beta
v4.0.1
v4.0.4
v4.0.5
v4.0.6
v4.5.0
v4.5.0RC1
v4.5.0RC2
v4.5.0RC3
v4.5.0beta3
v4.5.0beta4
v5.*
v5.0.0
v5.0.0RC1
v5.0.0RC2
v5.0.0RC3
v5.0.0alpha1
v5.0.0beta1
v5.0.0beta2
v6.*
v6.0.0RC1
v6.0.0RC2
v6.0.0alpha2
v6.0.0beta2
v6.0.0beta3
v6.0.0beta4
v6.0.0beta5
v7.*
v7.0.0alpha2
v7.0.0beta1
v8.*
v8.0.0
v8.0.0RC1
v8.0.0RC2
v8.0.0alpha1
v8.0.0alpha2
v8.0.0beta1
v8.0.0beta2
v8.1.0alpha1
v8.1.0alpha2
v8.1.0beta1
v8.1.0beta2
v8.1RC2
v8.2RC1
v8.2beta1
v9.*
v9.0.0
v9.0.0RC1
v9.0.0RC2
v9.0.0RC3
v9.0.0beta2
v9.0.1
v9.0.1RC1
v9.0.1RC2
v9.0.1beta
v9.0.1beta2
v9.0.2
v9.0.2RC1
v9.0.2RC2
v9.0.3
v9.0.3RC1
v9.0.4
v9.0.4RC1
v9.0.5
v9.0.50
v9.0.51
v9.0.52
v9.0.52RC1
v9.0.54RC1
v9.0.5RC1
v9.0.5RC2
v9.0.6RC1
v9.0.6RC2
v9.0beta1
v9.1.0
v9.1.0RC1
v9.1.0RC2
v9.1.0RC3
v9.1.0RC4
v9.1.0beta1
v9.1.0beta2
v9.1.1
v9.1.1RC1
v9.1.1RC2
v9.1.1RC3
v9.1.2RC1
v9.1.2RC2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9468.json"