CVE-2014-2383

Опубликовано: 28 апр. 2014

Источник: nvd

CVSS2: 6.8

EPSS Средний

Описание

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.

Ссылки

http://seclists.org/fulldisclosure/2014/Apr/258
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/531912/100/0/threaded
Broken Link
Third Party Advisory
VDB Entry
https://explore.avertium.com/resource/lfi-rfi-escalation-to-rce
https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028
Patch
Third Party Advisory
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
Broken Link
http://seclists.org/fulldisclosure/2014/Apr/258
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/531912/100/0/threaded
Broken Link
Third Party Advisory
VDB Entry
https://explore.avertium.com/resource/lfi-rfi-escalation-to-rce
https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028
Patch
Third Party Advisory
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dompdf:dompdf:*:beta3:*:*:*:*:*:*

Версия до 0.6.0 (включая)

EPSS

Процентиль: 98%

0.5489

Средний

6.8 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-2383

ubuntu

почти 12 лет назад

CVE-2014-2383

debian

почти 12 лет назад

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, ...

GHSA-qr6q-w4gj-3865

github

больше 3 лет назад

DOMPDF Arbitrary File Read

EPSS

Процентиль: 98%

0.5489

Средний

6.8 Medium

CVSS2

Дефекты

CWE-200