Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2009-5067
Last Modified 30 Jan 2013 12:00:00
Published 10 Oct 2012 02:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-5067

Summary

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.

Vulnerable Systems

Application

  • Html2ps Project Html2ps 1.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=526513

BID - 36524

MLIST - [oss-security] 20121005 Re: CVE Request: html2ps

MLIST - [oss-security] 20121005 CVE Request: html2ps

MANDRIVA - MDVSA-2012:161

CONFIRM - http://user.it.uu.se/~jan/html2ps-1.0b7.tar.gz

MISC - http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633


Last Updated: 27 May 2016 11:00:57