Back to search
CVE-2015-4456
Published: Oct 26, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-3363
vendor-advisory
x_refsource_DEBIAN
https://github.com/owncloud/client/issues/3283
x_refsource_CONFIRM
https://owncloud.org/security/advisory/?id=oc-sa-2015-009
x_refsource_CONFIRM
75354
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now