How severe is CVE-2017-0887?

CVE-2017-0887 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2017-0887

Name: nextcloud_server
Author: nextcloud

4.3MEDIUM

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary

Published: 4/5/2017Updated: 4/20/2025

Description

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

AI AnalysisPowered by AI

Affected Products

nextcloudnextcloud_server

References

https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken LinkPatchVendor Advisory
https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken LinkPatchVendor Advisory