CVE-2014-2047

medium

Published 2014-03-14 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://owncloud.org/about/security/advisories/oC-SA-2014-001/

Application impact

Vendor	Product	Versions	Fixed
owncloud	owncloud	`{"endIncluding":"6.0.1"}`
owncloud	owncloud_server	`6.0.0`

References

http://owncloud.org/about/security/advisories/oC-SA-2014-001/
http://owncloud.org/about/security/advisories/oC-SA-2014-001/

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.