NVD Vulnerability Details: CVE-2009-5067
Status: Deferred
Source: secalert@redhat.com
Published At: 10 Oct, 2012 | 18:55
Updated At: 11 Apr, 2025 | 00:51

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A
Metrics
Type | Version | Base score | Base severity | Vector
Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches

html2ps_project >> html2ps >> Versions up to 1.0 (inclusive) | cpe:2.3:a:html2ps_project:html2ps:*:b5:*:*:*:*:*:*
html2ps_project >> html2ps >> 1.0 | cpe:2.3:a:html2ps_project:html2ps:1.0:b1:*:*:*:*:*:*
html2ps_project >> html2ps >> 1.0 | cpe:2.3:a:html2ps_project:html2ps:1.0:b2:*:*:*:*:*:*
html2ps_project >> html2ps >> 1.0 | cpe:2.3:a:html2ps_project:html2ps:1.0:b3:*:*:*:*:*:*
html2ps_project >> html2ps >> 1.0 | cpe:2.3:a:html2ps_project:html2ps:1.0:b4:*:*:*:*:*:*
Weaknesses
CWE ID | Type | Source
CWE-22 | Primary | nvd@nist.gov
References
Hyperlink | Source | Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633 | secalert@redhat.com | N/A
http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html | secalert@redhat.com | Exploit
http://user.it.uu.se/~jan/html2ps-1.0b7.tar.gz | secalert@redhat.com | Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2012:161 | secalert@redhat.com | N/A
http://www.openwall.com/lists/oss-security/2012/10/05/1 | secalert@redhat.com | N/A
http://www.openwall.com/lists/oss-security/2012/10/05/5 | secalert@redhat.com | N/A
http://www.securityfocus.com/bid/36524 | secalert@redhat.com | N/A
https://bugzilla.redhat.com/show_bug.cgi?id=526513 | secalert@redhat.com | N/A
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633 | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.html | af854a3a-2127-422b-91ae-364da2661108 | Exploit
http://user.it.uu.se/~jan/html2ps-1.0b7.tar.gz | af854a3a-2127-422b-91ae-364da2661108 | Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2012:161 | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://www.openwall.com/lists/oss-security/2012/10/05/1 | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://www.openwall.com/lists/oss-security/2012/10/05/5 | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://www.securityfocus.com/bid/36524 | af854a3a-2127-422b-91ae-364da2661108 | N/A
https://bugzilla.redhat.com/show_bug.cgi?id=526513 | af854a3a-2127-422b-91ae-364da2661108 | N/A
Change History
0 Changes found