Vulnerability DatabaseCVE-2015-4456
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-4456
Published:October 26, 2015
Updated:May 17, 2026
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
Related Resources (6)
https://owncloud.org/security/advisory/?id=oc-sa-2015-009
http://www.debian.org/security/2015/dsa-3363
http://www.securityfocus.com/bid/75354
https://security-tracker.debian.org/tracker/CVE-2015-4456
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-4456
https://github.com/owncloud/client/issues/3283
Do you need more information?
Contact Us
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
2.6
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
EPSS
Base Score:
0.16