Lucene search

K

[email protected]NVD:CVE-2009-5067

HistoryOct 10, 2012 - 6:55 p.m.

CVE-2009-5067

2012-10-1018:55:01

CWE-22

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a … (dot dot) in the “include file” SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.

Affected configurations

NVD

Node

html2ps_projecthtml2psRange≤1.0b5

OR

html2ps_projecthtml2psMatch1.0b1

OR

html2ps_projecthtml2psMatch1.0b2

OR

html2ps_projecthtml2psMatch1.0b3

OR

html2ps_projecthtml2psMatch1.0b4

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633

packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html

user.it.uu.se/~jan/html2ps-1.0b7.tar.gz

www.mandriva.com/security/advisories?name=MDVSA-2012:161

www.openwall.com/lists/oss-security/2012/10/05/1

www.openwall.com/lists/oss-security/2012/10/05/5

www.securityfocus.com/bid/36524

bugzilla.redhat.com/show_bug.cgi?id=526513

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

Related for NVD:CVE-2009-5067

ubuntucve1 nessus2 openvas2 cve1 prion1 cvelist1 debiancve1