CVE-2017-0887

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.
References
Link Resource
https://hackerone.com/reports/173622 Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005 Broken Link Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

History

04 Oct 2022, 14:16

Type Values Removed Values Added
References (CONFIRM) https://nextcloud.com/security/advisory/?id=nc-sa-2017-005 - Patch, Vendor Advisory (CONFIRM) https://nextcloud.com/security/advisory/?id=nc-sa-2017-005 - Broken Link, Patch, Vendor Advisory
CPE cpe:2.3:a:nextcloud:nextcloud_server:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

27 Sep 2022, 14:04

Type Values Removed Values Added
CPE cpe:2.3:a:nextcloud:nextcloud:10.0.2:*:*:*:*:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:10.0.2:*:*:*:*:*:*:*
First Time Nextcloud nextcloud Server

Information

Published : 2017-04-05 20:59

Updated : 2023-12-10 12:01


NVD link : CVE-2017-0887

Mitre link : CVE-2017-0887

CVE.ORG link : CVE-2017-0887


JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-20

Improper Input Validation

CWE-807

Reliance on Untrusted Inputs in a Security Decision