CVE-2015-4715
ownCloud vulnerability analysis and mitigation

Overview

CVE-2015-4715 is a security vulnerability discovered in the fetch function within OAuth/Curl.php in Dropbox-PHP, specifically affecting ownCloud Server versions before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted. The vulnerability was identified in June 2015 (CVE Details).

Technical details

The vulnerability exists in the fetch function of the OAuth/Curl.php component, where remote administrators of Dropbox.com could potentially read arbitrary files by placing an @ (at sign) character in unspecified POST values. The issue stems from improper handling of file references in POST requests (CVE Details).

Impact

When successfully exploited, this vulnerability allows remote administrators of Dropbox.com to read arbitrary files from the affected ownCloud server installations that have external Dropbox storage mounted (CVE Details).

Mitigation and workarounds

The vulnerability was addressed through a security patch that adds validation to prevent handling of files containing an @ character. Users should upgrade to ownCloud Server versions 6.0.8, 7.0.6, or 8.0.4 or later to mitigate this vulnerability (GitHub Commit).
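The mechanism behind the @ character, shown as an added PHP illustration that is not ownCloud or Dropbox-PHP code: in PHP's cURL binding before 5.6 (and in 5.5 unless CURLOPT_SAFE_UPLOAD is enabled), an array value passed to CURLOPT_POSTFIELDS that begins with @ is treated as the path of a local file to upload rather than as a literal string, so a server-side client that forwards strings it does not fully control into POST fields can end up sending file contents instead. The hardened function below rejects any field value with a leading @, which is the kind of validation the fix described above adds, and also switches on CURLOPT_SAFE_UPLOAD where the constant exists (PHP 5.5 and later; on PHP 7 the safe behaviour is always in force). Function names and the URL parameter are placeholders.

```php
<?php
// Added illustration of the legacy PHP cURL '@' upload behaviour and its mitigation.
// Not code from ownCloud or Dropbox-PHP; function names are placeholders.

/**
 * Vulnerable pattern: field values are passed straight to CURLOPT_POSTFIELDS.
 * On PHP < 5.6 (or 5.5 without CURLOPT_SAFE_UPLOAD) a value such as "@/path/to/file"
 * is interpreted as "upload this local file", not as the literal string.
 */
function postFieldsVulnerable(string $url, array $fields): string
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);     // '@'-prefixed values become file uploads
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $body = curl_exec($ch);
    curl_close($ch);
    return (string) $body;
}

/**
 * Hardened pattern: refuse any value that starts with '@' before it reaches cURL,
 * and disable the legacy file semantics where the runtime offers the switch.
 */
function postFieldsSafe(string $url, array $fields): string
{
    foreach ($fields as $name => $value) {
        // Only string values can trigger the legacy behaviour; reject a leading '@'.
        if (is_string($value) && $value !== '' && $value[0] === '@') {
            throw new InvalidArgumentException(
                "POST field '$name' must not begin with '@'"
            );
        }
    }

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, true);
    if (defined('CURLOPT_SAFE_UPLOAD')) {
        // PHP 5.5+: treat every value as a literal string; files require CURLFile.
        curl_setopt($ch, CURLOPT_SAFE_UPLOAD, true);
    }
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $body = curl_exec($ch);
    curl_close($ch);
    return (string) $body;
}

// Usage with a constructed request; the endpoint is a placeholder.
try {
    echo postFieldsSafe('https://api.example.invalid/oauth/token', [
        'oauth_token' => 'constructed-token-value',
        'grant_type'  => 'authorization_code',
    ]);
} catch (InvalidArgumentException $e) {
    error_log('Rejected unsafe POST field: ' . $e->getMessage());
}
```

Rejecting the leading @ is the minimal compensating control for code that must keep running on older PHP; on PHP 5.6 and later the CURLOPT_SAFE_UPLOAD default already closes the gap, and intentional uploads should go through CURLFile so the distinction between "string" and "file" is explicit in the code rather than encoded in the data.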


Related ownCloud vulnerabilities:

CVE ID          Severity  Score  Technologies  Component name                          CISA KEV exploit  Has fix  Published date
CVE-2023-49105  CRITICAL  9.8    ownCloud      ownCloud (cpe:2.3:a:owncloud:owncloud)  No                Yes      Nov 30, 2023
CVE-2024-37010  HIGH      8.8    ownCloud      ownCloud (cpe:2.3:a:owncloud:owncloud)  No                Yes      Sep 09, 2024
CVE-2022-31649  HIGH      7.5    ownCloud      ownCloud (cpe:2.3:a:owncloud:owncloud)  No                Yes      Jun 09, 2022
CVE-2021-35948  MEDIUM    5.4    ownCloud      ownCloud (cpe:2.3:a:owncloud:owncloud)  No                Yes      Sep 07, 2021
CVE-2022-43679  MEDIUM    5.3    ownCloud      ownCloud (cpe:2.3:a:owncloud:owncloud)  No                Yes      Nov 10, 2022
