Platform: ownCloud Server
Risk level: Low
Due to the inclusion of the Amazon SDK testing suite an unauthenticated attacker is able to gain additional informations about the server including:
- the PHP version
- the cURL version
- informations wether the following functions/modules are available:
- File System Read/Write
- SQLite 2
- SQLite 3
- the following PHP settings:
- the server architecture (32bit/64bit)
- ownCloud Server < 4.0.12 (CVE-2013-0302)
It is recommended that all instances are upgraded to ownCloud Server 4.0.12.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke – ownCloud Inc. (firstname.lastname@example.org) – Vulnerability discovery and disclosure.