owncloud, php-sabredav
2017-10-23 13:31
CVE-2014-2055 php-sabredav
CVE-2014-2055 owncloud
XEE issue that could expose local files or easily trigger a DOS attack.
2017-06-16 19:10
2017-05-10 22:47
2017-04-14 09:36
2017-04-01 21:00
2017-01-05 19:27


SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
trusty php-sabredav None
upstream owncloud 6.0.2+dfsg-1
php-sabredav 1.7.11+dfsg-1


Release Package Reason
lucid owncloud DNE
php-sabredav DNE
precise owncloud not-affected
php-sabredav DNE
precise/esm owncloud DNE
php-sabredav DNE
quantal owncloud ignored
php-sabredav ignored
saucy owncloud ignored
php-sabredav ignored
trusty owncloud not-affected
utopic owncloud DNE
php-sabredav ignored
vivid owncloud DNE
php-sabredav not-affected
vivid/stable-phone-overlay owncloud DNE
php-sabredav DNE
vivid/ubuntu-core owncloud DNE
php-sabredav DNE
wily owncloud DNE
php-sabredav not-affected
xenial owncloud DNE
php-sabredav not-affected
yakkety owncloud DNE
php-sabredav not-affected
zesty owncloud DNE
php-sabredav not-affected
artful owncloud DNE
php-sabredav not-affected
devel owncloud DNE
php-sabredav not-affected