CVE-2009-5067
published 2012-10-10CVE-2009-5067: Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI…
PriorityP333medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
7.63%
93.8th percentile
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | html2ps | < html2ps 1.0b7-1 (bookworm) | html2ps 1.0b7-1 (bookworm) |
| html2ps_project | html2ps | <= 1.0 | — |
| html2ps_project | html2ps | — | — |
| html2ps_project | html2ps | >= 0 < 1.0b7-1 | 1.0b7-1 |
| html2ps_project | html2ps | >= 0 < 1.0b7-1 | 1.0b7-1 |
| html2ps_project | html2ps | >= 0 < 1.0b7-1 | 1.0b7-1 |
| html2ps_project | html2ps | >= 0 < 1.0b7-1 | 1.0b7-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
html2ps: arbitrary file disclosure in SSI directives
vendor_redhat·2009-09-27·CVSS 4.3
CVE-2009-5067 [MEDIUM] html2ps: arbitrary file disclosure in SSI directives
html2ps: arbitrary file disclosure in SSI directives
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
Debian
CVE-2009-5067: html2ps - Directory traversal vulnerability in html2ps before 1.0b6 allows remote attacker...
vendor_debian·2009·CVSS 4.3
CVE-2009-5067 [MEDIUM] CVE-2009-5067: html2ps - Directory traversal vulnerability in html2ps before 1.0b6 allows remote attacker...
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
Scope: local
bookworm: resolved (fixed in 1.0b7-1)
bullseye: resolved (fixed in 1.0b7-1)
forky: resolved (fixed in 1.0b7-1)
sid: resolved (fixed in 1.0b7-1)
trixie: resolved (fixed in 1.0b7-1)
GHSA
GHSA-q52q-xhwr-p2mr: Directory traversal vulnerability in html2ps before 1
ghsa_unreviewed·2022-05-02
CVE-2009-5067 [MEDIUM] CWE-22 GHSA-q52q-xhwr-p2mr: Directory traversal vulnerability in html2ps before 1
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
OSV
CVE-2009-5067: Directory traversal vulnerability in html2ps before 1
osv·2012-10-10·CVSS 4.3
CVE-2009-5067 [MEDIUM] CVE-2009-5067: Directory traversal vulnerability in html2ps before 1
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
No detection rules found.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.htmlhttp://user.it.uu.se/~jan/html2ps-1.0b7.tar.gzhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:161http://www.openwall.com/lists/oss-security/2012/10/05/1http://www.openwall.com/lists/oss-security/2012/10/05/5http://www.securityfocus.com/bid/36524https://bugzilla.redhat.com/show_bug.cgi?id=526513http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548633http://packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.htmlhttp://user.it.uu.se/~jan/html2ps-1.0b7.tar.gzhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:161http://www.openwall.com/lists/oss-security/2012/10/05/1http://www.openwall.com/lists/oss-security/2012/10/05/5http://www.securityfocus.com/bid/36524https://bugzilla.redhat.com/show_bug.cgi?id=526513
2012-10-10
Published