← Voltar para CVEs
CVE-2017-0887
MEDIUM4.3
Descricao
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.
Detalhes CVE
Pontuacao CVSS v3.14.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado4/5/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
nextcloud:nextcloud_server
Fraquezas (CWE)
CWE-807CWE-20
Referencias
https://hackerone.com/reports/173622(support@hackerone.com)
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005(support@hackerone.com)
https://hackerone.com/reports/173622(af854a3a-2127-422b-91ae-364da2661108)
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.