ID

VAR-201112-0305


CVE

CVE-2011-4715


TITLE

Koha and LibLime Koha Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2011-003333

DESCRIPTION

Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm. LibLime Koha has a local file containing vulnerability. An attacker can exploit a vulnerability to gain sensitive information and execute arbitrary code in the context of a web server process, jeopardizing applications and computers. This may allow the attacker to compromise the application and computer; other attacks are also possible. Koha 3.4.x prior to 3.4.7 and 3.6.x prior to 3.6.1 are vulnerable. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Koha "KohaOpacLanguage" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46980 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46980/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46980 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46980/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46980/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46980 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Akin Tosunlar has discovered a vulnerability in Koha, which can be exploited by malicious people to disclose sensitive information. Input passed to the "KohaOpacLanguage" cookie value in cgi-bin/koha/mainpage.pl is not properly verified in cgi-bin/opac/opac-main.pl before being used to include files. The vulnerability is confirmed in version 4.02.06. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Akin Tosunlar, Vigasis Labs ORIGINAL ADVISORY: Vigasis Labs: http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2011-4715 // JVNDB: JVNDB-2011-003333 // CNVD: CNVD-2011-5088 // BID: 50812 // IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // PACKETSTORM: 107287

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5088

AFFECTED PRODUCTS

vendor:kohamodel:kohascope:eqversion:3.04.06

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.04

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.00

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.01

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.06.00.000

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.05

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.03

Trust: 1.6

vendor:kohamodel:kohascope:eqversion:3.04.02

Trust: 1.6

vendor:kohamodel:liblime kohascope:lteversion:4.2

Trust: 1.0

vendor:kohamodel:library software community kohascope:eqversion:3.4.1

Trust: 0.9

vendor:kohamodel:library software community kohascope:eqversion:3.4.2

Trust: 0.9

vendor:kohamodel:kohascope:ltversion:3.6

Trust: 0.8

vendor:kohamodel:liblime kohascope:lteversion:4.2 and earlier

Trust: 0.8

vendor:kohamodel:kohascope:ltversion:3.4

Trust: 0.8

vendor:kohamodel:kohascope:eqversion:3.6.1

Trust: 0.8

vendor:kohamodel:kohascope:eqversion:3.4.7

Trust: 0.8

vendor:kohamodel:library software community kohascope:eqversion:4.2

Trust: 0.6

vendor:kohamodel:liblime kohascope:eqversion:4.2

Trust: 0.6

vendor:kohamodel:library software community kohascope:eqversion:3.6

Trust: 0.3

vendor:kohamodel:library software community kohascope:eqversion:3.4.6

Trust: 0.3

vendor:kohamodel:library software community kohascope:neversion:3.6.1

Trust: 0.3

vendor:kohamodel:library software community kohascope:neversion:3.4.7

Trust: 0.3

vendor:liblime kohamodel: - scope:eqversion:*

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.06.00.000

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.00

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.01

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.02

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.03

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.04

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.05

Trust: 0.2

vendor:kohamodel: - scope:eqversion:3.04.06

Trust: 0.2

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5088 // BID: 50812 // JVNDB: JVNDB-2011-003333 // CNNVD: CNNVD-201112-130 // NVD: CVE-2011-4715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4715
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4715
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201112-130
value: MEDIUM

Trust: 0.6

IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4715
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003333 // CNNVD: CNNVD-201112-130 // NVD: CVE-2011-4715

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-003333 // NVD: CVE-2011-4715

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201111-450 // CNNVD: CNNVD-201112-130

TYPE

Path traversal

Trust: 0.8

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-130

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003333

PATCH

title:[#21464023] Security: arbitrary file inclusionurl:https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm

Trust: 0.8

title:Koha 3.6.1url:http://koha-community.org/koha-3-6-1/

Trust: 0.8

title:Koha 3.4.7url:http://koha-community.org/koha-3-4-7/

Trust: 0.8

title:koha-3.06.01url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42015

Trust: 0.6

title:koha-3.04.07url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42014

Trust: 0.6

sources: JVNDB: JVNDB-2011-003333 // CNNVD: CNNVD-201112-130

EXTERNAL IDS

db:BIDid:50812

Trust: 3.1

db:NVDid:CVE-2011-4715

Trust: 2.9

db:SECUNIAid:46980

Trust: 1.7

db:EXPLOIT-DBid:18153

Trust: 1.6

db:OSVDBid:77322

Trust: 1.6

db:CNVDid:CNVD-2011-5088

Trust: 0.8

db:CNNVDid:CNNVD-201112-130

Trust: 0.8

db:JVNDBid:JVNDB-2011-003333

Trust: 0.8

db:CNNVDid:CNNVD-201111-450

Trust: 0.6

db:XFid:71478

Trust: 0.6

db:IVDid:BC1048B6-1F7D-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:PACKETSTORMid:107287

Trust: 0.1

sources: IVD: bc1048b6-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5088 // BID: 50812 // JVNDB: JVNDB-2011-003333 // PACKETSTORM: 107287 // CNNVD: CNNVD-201111-450 // CNNVD: CNNVD-201112-130 // NVD: CVE-2011-4715

REFERENCES

url:http://www.securityfocus.com/bid/50812

Trust: 2.8

url:http://www.vigasis.com/en/?guncel_guvenlik=liblime%20koha%20%3c=%204.2%20local%20file%20inclusion%20vulnerability&lnk=exploits/18153

Trust: 1.7

url:https://github.com/liblime/liblime-koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#c4/output.pm

Trust: 1.6

url:http://www.exploit-db.com/exploits/18153

Trust: 1.6

url:http://secunia.com/advisories/46980

Trust: 1.6

url:http://osvdb.org/77322

Trust: 1.6

url:http://koha-community.org/koha-3-6-1/#more-2929

Trust: 1.6

url:http://koha-community.org/koha-3-4-7/#more-2971

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/71478

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4715

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4715

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/71478

Trust: 0.6

url:http://koha-community.org/

Trust: 0.3

url:http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46980

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/46980/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/46980/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-5088 // BID: 50812 // JVNDB: JVNDB-2011-003333 // PACKETSTORM: 107287 // CNNVD: CNNVD-201111-450 // CNNVD: CNNVD-201112-130 // NVD: CVE-2011-4715

CREDITS

Akin Tosunlar(Vigasis Labs)

Trust: 0.6

sources: CNNVD: CNNVD-201111-450

SOURCES

db:IVDid:bc1048b6-1f7d-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-5088
db:BIDid:50812
db:JVNDBid:JVNDB-2011-003333
db:PACKETSTORMid:107287
db:CNNVDid:CNNVD-201111-450
db:CNNVDid:CNNVD-201112-130
db:NVDid:CVE-2011-4715

LAST UPDATE DATE

2024-08-14T14:34:35.942000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-5088date:2011-11-28T00:00:00
db:BIDid:50812date:2011-12-20T21:59:00
db:JVNDBid:JVNDB-2011-003333date:2011-12-13T00:00:00
db:CNNVDid:CNNVD-201111-450date:2011-11-28T00:00:00
db:CNNVDid:CNNVD-201112-130date:2011-12-09T00:00:00
db:NVDid:CVE-2011-4715date:2017-08-29T01:30:32.787

SOURCES RELEASE DATE

db:IVDid:bc1048b6-1f7d-11e6-abef-000c29c66e3ddate:2011-11-28T00:00:00
db:CNVDid:CNVD-2011-5088date:2011-11-28T00:00:00
db:BIDid:50812date:2011-11-24T00:00:00
db:JVNDBid:JVNDB-2011-003333date:2011-12-13T00:00:00
db:PACKETSTORMid:107287date:2011-11-26T01:20:36
db:CNNVDid:CNNVD-201111-450date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201112-130date:2011-12-09T00:00:00
db:NVDid:CVE-2011-4715date:2011-12-08T19:55:08.187