How severe is CVE-2017-0887?

CVE-2017-0887 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2017-0887

Name: nextcloud_server
Author: nextcloud

4.3MEDIUM

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary

Опубликовано: 4/5/2017Обновлено: 4/20/2025

Описание

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator.

ИИ-АнализНа базе ИИ

Затронутые продукты

nextcloudnextcloud_server

Ссылки

https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken LinkPatchVendor Advisory
https://hackerone.com/reports/173622
Third Party Advisory
https://nextcloud.com/security/advisory/?id=nc-sa-2017-005
Broken LinkPatchVendor Advisory