Sign-up

ID

VAR-201112-0305


CVE

CVE-2011-4715


TITLE

Koha and LibLime Koha Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2011-003333

DESCRIPTION

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm. LibLime Koha has a local file containing vulnerability. An attacker can exploit a vulnerability to gain sensitive information and execute arbitrary code in the context of a web server process, jeopardizing applications and computers. This may allow the attacker to compromise the application and computer; other attacks are also possible. Koha 3.4.x prior to 3.4.7 and 3.6.x prior to 3.6.1 are vulnerable. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Koha "KohaOpacLanguage" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46980 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46980/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46980 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46980/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46980/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46980 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Akin Tosunlar has discovered a vulnerability in Koha, which can be exploited by malicious people to disclose sensitive information. Input passed to the "KohaOpacLanguage" cookie value in cgi-bin/koha/mainpage.pl is not properly verified in cgi-bin/opac/opac-main.pl before being used to include files. The vulnerability is confirmed in version 4.02.06. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Akin Tosunlar, Vigasis Labs ORIGINAL ADVISORY: Vigasis Labs: http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2011-4715 // JVNDB: JVNDB-2011-003333 // CNVD: CNVD-2011-5088 // BID: 50812 // IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // PACKETSTORM: 107287

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5088

AFFECTED PRODUCTS

vendor:kohamodel:kohascope:eqversion:3.04.06

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.04

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.00

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.01

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.06.00.000

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.05

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.03

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.02

Trust: 1.6

vendor:kohamodel:liblime kohascope:lteversion:4.2

Trust: 1.0

vendor:kohamodel:library software community kohascope:eqversion:3.4.1

Trust: 0.9

vendor:kohamodel:library software community kohascope:eqversion:3.4.2

Trust: 0.9

vendor:kohamodel:kohascope:ltversion:3.6

Trust: 0.8

vendor:kohamodel:liblime kohascope:lteversion:4.2 and earlier

Trust: 0.8

vendor:kohamodel:kohascope:ltversion:3.4

Trust: 0.8

vendor:kohamodel:kohascope:eqversion:3.6.1

Trust: 0.8

vendor:kohamodel:kohascope:eqversion:3.4.7

Trust: 0.8

vendor:kohamodel:library software community kohascope:eqversion:4.2

Trust: 0.6

vendor:kohamodel:liblime kohascope:eqversion:4.2

Trust: 0.6

vendor:kohamodel:library software community kohascope:eqversion:3.6

Trust: 0.3

vendor:kohamodel:library software community kohascope:eqversion:3.4.6

Trust: 0.3

vendor:kohamodel:library software community kohascope:neversion:3.6.1

Trust: 0.3

vendor:kohamodel:library software community kohascope:neversion:3.4.7

Trust: 0.3

vendor:liblime kohamodel: - scope:eqversion:*

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.06.00.000

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.00

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.01

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.02

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.03

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.04

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.05

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.06

Trust: 0.2

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5088 // BID: 50812 // JVNDB: JVNDB-2011-003333 // CNNVD: CNNVD-201112-130 // NVD: CVE-2011-4715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4715
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4715
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201112-130
value: MEDIUM

Trust: 0.6

IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4715
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003333 // CNNVD: CNNVD-201112-130 // NVD: CVE-2011-4715

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-003333 // NVD: CVE-2011-4715

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201111-450 // CNNVD: CNNVD-201112-130

TYPE

Path traversal

Trust: 0.8

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-130

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003333

PATCH
title:[#21464023] Security: arbitrary file inclusionurl:https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm
Trust: 0.8
title:Koha 3.6.1url:http://koha-community.org/koha-3-6-1/
Trust: 0.8
title:Koha 3.4.7url:http://koha-community.org/koha-3-4-7/
Trust: 0.8
title:koha-3.06.01url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42015
Trust: 0.6
title:koha-3.04.07url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42014
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2011-003333 // 
            
            
            
            CNNVD: CNNVD-201112-130

EXTERNAL IDS
db:BIDid:50812
Trust: 3.1
db:NVDid:CVE-2011-4715
Trust: 2.9
db:SECUNIAid:46980
Trust: 1.7
db:EXPLOIT-DBid:18153
Trust: 1.6
db:OSVDBid:77322
Trust: 1.6
db:CNVDid:CNVD-2011-5088
Trust: 0.8
db:CNNVDid:CNNVD-201112-130
Trust: 0.8
db:JVNDBid:JVNDB-2011-003333
Trust: 0.8
db:CNNVDid:CNNVD-201111-450
Trust: 0.6
db:XFid:71478
Trust: 0.6
db:IVDid:BC1048B6-1F7D-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:PACKETSTORMid:107287
Trust: 0.1
sources:
            
            
            IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2011-5088 // 
            
            
            
            BID: 50812 // 
            
            
            
            JVNDB: JVNDB-2011-003333 // 
            
            
            
            PACKETSTORM: 107287 // 
            
            
            
            CNNVD: CNNVD-201111-450 // 
            
            
            
            CNNVD: CNNVD-201112-130 // 
            
            
            
            NVD: CVE-2011-4715

REFERENCES
url:http://www.securityfocus.com/bid/50812
Trust: 2.8
url:http://www.vigasis.com/en/?guncel_guvenlik=liblime%20koha%20%3c=%204.2%20local%20file%20inclusion%20vulnerability&lnk=exploits/18153
Trust: 1.7
url:https://github.com/liblime/liblime-koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#c4/output.pm
Trust: 1.6
url:http://www.exploit-db.com/exploits/18153
Trust: 1.6
url:http://secunia.com/advisories/46980
Trust: 1.6
url:http://osvdb.org/77322
Trust: 1.6
url:http://koha-community.org/koha-3-6-1/#more-2929
Trust: 1.6
url:http://koha-community.org/koha-3-4-7/#more-2971
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/71478
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4715
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4715
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/71478
Trust: 0.6
url:http://koha-community.org/
Trust: 0.3
url:http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629
Trust: 0.3
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46980
Trust: 0.1
url:http://secunia.com/company/jobs/
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/46980/#comments
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/46980/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2011-5088 // 
            
            
            
            BID: 50812 // 
            
            
            
            JVNDB: JVNDB-2011-003333 // 
            
            
            
            PACKETSTORM: 107287 // 
            
            
            
            CNNVD: CNNVD-201111-450 // 
            
            
            
            CNNVD: CNNVD-201112-130 // 
            
            
            
            NVD: CVE-2011-4715

CREDITS
Akin Tosunlar(Vigasis Labs)
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201111-450

SOURCES
db:IVDid:bc1048b6-1f7d-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-5088
db:BIDid:50812
db:JVNDBid:JVNDB-2011-003333
db:PACKETSTORMid:107287
db:CNNVDid:CNNVD-201111-450
db:CNNVDid:CNNVD-201112-130
db:NVDid:CVE-2011-4715

LAST UPDATE DATE
2024-08-14T14:34:35.942000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2011-5088date:2011-11-28T00:00:00
db:BIDid:50812date:2011-12-20T21:59:00
db:JVNDBid:JVNDB-2011-003333date:2011-12-13T00:00:00
db:CNNVDid:CNNVD-201111-450date:2011-11-28T00:00:00
db:CNNVDid:CNNVD-201112-130date:2011-12-09T00:00:00
db:NVDid:CVE-2011-4715date:2017-08-29T01:30:32.787

SOURCES RELEASE DATE
db:IVDid:bc1048b6-1f7d-11e6-abef-000c29c66e3ddate:2011-11-28T00:00:00
db:CNVDid:CNVD-2011-5088date:2011-11-28T00:00:00
db:BIDid:50812date:2011-11-24T00:00:00
db:JVNDBid:JVNDB-2011-003333date:2011-12-13T00:00:00
db:PACKETSTORMid:107287date:2011-11-26T01:20:36
db:CNNVDid:CNNVD-201111-450date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201112-130date:2011-12-09T00:00:00
db:NVDid:CVE-2011-4715date:2011-12-08T19:55:08.187