Vulnerability Description
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ikiwiki | Ikiwiki | <= 3.141592 |
References
- http://ikiwiki.info/security/#index35h2 (Vendor Advisory)
- http://osvdb.org/57575
- http://secunia.com/advisories/36516 (Vendor Advisory)
- http://secunia.com/advisories/36539
- http://www.debian.org/security/2009/dsa-1875
- http://www.securityfocus.com/bid/36181 (Patch)
- http://www.vupen.com/english/advisories/2009/2475 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52922
FAQ
What is CVE-2009-2944?
CVE-2009-2944 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
How severe is CVE-2009-2944?
CVE-2009-2944 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2944?
Check the references section above for vendor advisories and patch information. Affected products include: Ikiwiki Ikiwiki.