{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T20:17:04.728","vulnerabilities":[{"cve":{"id":"CVE-2015-6500","sourceIdentifier":"cve@mitre.org","published":"2015-10-26T14:59:08.297","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en ownCloud Server en versiones anteriores a 8.0.6 y 8.1.x en versiones anteriores a 8.1.1 permite a usuarios remotos autenticados listar contenidos del directorio y posiblemente provocar una denegación de servicio (consumo de la CPU) a través de .. (punto punto) en el parámetro dir en index.php/apps/files/ajax/scan.php."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:C","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8850D462-7494-40AF-BA58-91AB3EC4688E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C21CA18D-81F1-4B65-B46A-688D060F4E37"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFF45C5A-FA91-4908-9396-984FA6DBF80B"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:7.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F0A9893F-0D5B-4DE5-B9D5-49AC2DA71BB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:7.0.4:*:*:*:*:*:*:*","matchCriteriaId":"7F50E0BD-53F6-4BF5-8EDE-77711DC2EB04"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:7.0.5:*:*:*:*:*:*:*","matchCriteriaId":"4B2107C8-4A67-4889-94B7-9DA5BBD9CB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:7.0.6:*:*:*:*:*:*:*","matchCriteriaId":"800BF17A-7C55-40A6-8421-261093611C57"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:7.0.7:*:*:*:*:*:*:*","matchCriteriaId":"1C9C1735-379E-4919-919D-871C7EA6F85D"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:8.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4D554B7F-DEC4-4238-9346-CD1E3B1223E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:8.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9E097A07-B9D8-4117-BCE5-32BCFF9905DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:8.0.3:*:*:*:*:*:*:*","matchCriteriaId":"E52E7D8E-67EF-4EA9-9B3B-2E00F4A271C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:8.0.4:*:*:*:*:*:*:*","matchCriteriaId":"EADDA578-EDE7-42FD-B05F-64FA59733FF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:8.0.5:*:*:*:*:*:*:*","matchCriteriaId":"4F49D6F3-17C1-4731-828E-7A2B4A1A1260"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud_server:8.1.0:*:*:*:*:*:*:*","matchCriteriaId":"43231F06-F9D3-4961-902B-96E3A807410B"}]}]}],"references":[{"url":"http://www.debian.org/security/2015/dsa-3373","source":"cve@mitre.org"},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2015-014","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2015/dsa-3373","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2015-014","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}