How severe is CVE-2017-0887?

CVE-2017-0887 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2017-0887

Name: nextcloud_server
Author: nextcloud

4.3MEDIUM

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary

公開日: 4/5/2017更新日: 4/20/2025

説明

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

AI分析AIによる分析

影響を受ける製品

nextcloudnextcloud_server

参照

https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken LinkPatchVendor Advisory
https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken LinkPatchVendor Advisory