Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-2007
Last Modified: 09 Jun 2009 12:00:00
Published: 08 Jun 2009 03:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-2007

Summary

Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php.

Vulnerable Systems

Application

  • Dokeos 1.8.5


References

VUPEN - ADV-2009-1300

CONFIRM - http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8

XF - dokeos-unspecified-directory-traversal(50503)

BID - 34928

SECUNIA - 34879

MISC - http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.html


Last Updated: 27 May 2016 10:50:44