How severe is CVE-2017-0887?

CVE-2017-0887 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2017-0887

Name: nextcloud_server
Author: nextcloud

4.3MEDIUM

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary

Publicado: 4/5/2017Actualizado: 4/20/2025

Descripción

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

Análisis IAImpulsado por IA

Productos Afectados

nextcloudnextcloud_server

Referencias

https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken LinkPatchVendor Advisory
https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken LinkPatchVendor Advisory