Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2011-4715
Last Modified 10 Sep 2013 01:10:16
Published 08 Dec 2011 02:55:08
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4715

Summary

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.

Vulnerable Systems

Application

  • Koha 3.04.00

  • Koha 3.04.01

  • Koha 3.04.02

  • Koha 3.04.03

  • Koha 3.04.04

  • Koha 3.04.05

  • Koha 3.04.06

  • Koha 3.06.00.000

  • Liblime Koha 4.2


References

CONFIRM - https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm

XF - liblimekoha-opacmain-file-include(71478)

MISC - http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153

BID - 50812

EXPLOIT-DB - 18153

SECUNIA - 46980

OSVDB - 77322

CONFIRM - http://koha-community.org/koha-3-6-1/#more-2929

CONFIRM - http://koha-community.org/koha-3-4-7/#more-2971


Last Updated: 27 May 2016 10:57:50