NethServer Version: 6.8
Module: ownCloud
Good morning,
there is a problem I read on this
Testing our own owncloud, Igot these results:
…
Running ownCloud 7.0.13.2
NOT on latest patch level
Major version NOT supported
**Scanned at 2017-03-07 06:25:28 **
Vulnerabilities
Your instance has known vulnerabilities, below you can see a list of them. Learn more about our security efforts.
High
Your version is end-of-life and is very likely affected by many more vulnerabilities. You should update as soon as possible.
Low
Open Redirector involving user interaction
Disclosure of arbitrary certificate files
Hardenings
A security hardening is a feature which protects software from attacks even if it is affected by a certain vulnerability. For an overview of security hardening capabilities we’ve recently developed, see this blog.
Below is a list of hardening features your server has enabled.
**Bruteforce protection **
**CSPv3 **
**Same-Site-Cookies **
**Password confirmation **
**__Host-Prefix **
**App passwords can be restricted **
Setup
Besides features of the private cloud software itself, one can configure their Apache or NGINX server more or less securely. Please note that many security settings available cannot be checked from the outside! We strongly recommend you read our Security Hardening Guide and follow the instructions there.
Here are the results of a number of checks against your server.
Headers
**X-Frame-Options **
**X-Content-Type-Options **
**X-XSS-Protection **
**X-Download-Options **
**X-Permitted-Cross-Domain-Policies **
Our recommendation
We strongly recommend to keep a private cloud server constantly updated. Servers not running the latest security update in a supported release series are often vulnerable. For Nextcloud, the latest releases are Nextcloud 11.0.2, 10.0.4 and 9.0.57. For ownCloud, that would be ownCloud 8.1.12, 8.2.10, 9.0.8 or 9.1.4. You can find new versions here for Nextcloud and here for ownCloud. Nextcloud strives to make upgrading a safe, easy and painless procedure. You can learn why and how to upgrade to the latest version of Nextcloud 11 here.
**We further recommend to read our Security Hardening Guide and follow the instructions there. **
Let us help you keep your data secure
Our customers get proactive help with upgrading and keeping their systems secure. We also warn them in advance when security problems are found. Learn about Nextcloud’s security efforts.
If you are interested in our services, we have a special time limited offer for prospective customers who can show us a copy of the email warning them of an unsafe instance.
…
What to do ?
Greetings !