VYPR
Unrated severityNVD Advisory· Published Feb 4, 2015· Updated Jun 17, 2026

CVE-2014-9044

CVE-2014-9044

Description

Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack.

Affected products

5
  • OwnCloud/Server3 versions
    cpe:2.3:a:owncloud:owncloud_server:7.0.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:owncloud:owncloud_server:7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:7.0.2:*:*:*:*:*:*:*
  • Range: <7.0.3
  • Range: <7.0.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.