Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2014-2383
Last Modified 29 Apr 2014 08:18:44
Published 28 Apr 2014 10:09:06
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2383

Summary

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.

Vulnerable Systems

Application

  • Dompdf 0.6.0


References

MISC - https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/

CONFIRM - https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028

BUGTRAQ - 20140423 CVE-2014-2383 - Arbitrary file read in dompdf


Last Updated: 27 May 2016 11:05:06