CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS
Percentile
39.9%
ownCloud Desktop Client before 1.8.2 does not call
QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which
allows man-in-the-middle attackers to bypass the user’s certificate
distrust decision and obtain sensitive information by leveraging a
self-signed certificate and a connection to a server using its own
self-signed certificate.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 15.04 | noarch | owncloud-client | < 1.7.0~beta1+really1.6.4+dfsg-1+deb8u1build0.15.04.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2015-4456
nvd.nist.gov/vuln/detail/CVE-2015-4456
owncloud.org/security/advisories/improper-validation-of-certificates-when-using-self-signed-certificates/
owncloud.org/security/advisory/?id=oc-sa-2015-009
security-tracker.debian.org/tracker/CVE-2015-4456
www.cve.org/CVERecord?id=CVE-2015-4456