CVE-2015-7298 in ownCloud and Qt Products
Published on October 26, 2015
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
Products Associated with CVE-2015-7298
stack.watch emails you whenever new vulnerabilities are published in Owncloud Desktop Client or Qt. Just hit a watch button to start following.
Exploit Probability
EPSS
0.25%
Percentile
47.79%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.