Candidate: CVE-2014-2052
PublicDate: 2020-02-11 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2052
 http://owncloud.org/about/security/advisories/oC-SA-2014-006
Description:
 Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before
 6.0.2, allows remote attackers to read arbitrary files, cause a denial of
 service, or possibly have other impact via an XML External Entity (XXE)
 attack.
Ubuntu-Description:
Notes:
 mdeslaur> owncloud packages in Ubuntu are now empty
 sbeattie> according to debian, the reference wrt zendframework is for
   CVE-2012-6532
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_owncloud:
upstream_owncloud: released (6.0.2+dfsg-1)
precise_owncloud: not-affected
trusty_owncloud: not-affected
trusty/esm_owncloud: DNE (trusty was not-affected)
vivid_owncloud: DNE
wily_owncloud: DNE
devel_owncloud: DNE