DOMPDF Multiple Vulnerabilities


Description   Several vulnerabilities have been identified in DOMPDF:
- CVE-2014-5011: information disclosure
- CVE-2014-5012: denial of service
- CVE-2014-5013: arbitrary code execution. A consequence of the CVE-2014-2383 vulnerability
- CVE-2014-2383: arbitrary local file read by using PHP stream filters. Requires DOMPDF_ENABLE_REMOTE to be enabled.

The php-dompdf packages provided by Debian Jessie 8 are vulnerable (CVE-2014-5011, CVE-2014-5012, CVE-2014-5013).
     
Vulnerable Products   Vulnerable OS:
GNU/Linux (Debian) - 8
     
Solution   Version 0.6.2 of dompdf fixes these vulnerabilities.
     
CVE   CVE-2014-5013
CVE-2014-5012
CVE-2014-5011
CVE-2014-2383
     
References   - Debian Security Tracker : DST php-dompdf
https://security-tracker.debian.org/tracker/CVE-2014-5011
- Debian Security Tracker : DST php-dompdf
https://security-tracker.debian.org/tracker/CVE-2014-5012
- Debian Security Tracker : DST php-dompdf
https://security-tracker.debian.org/tracker/CVE-2014-5013
- Debian Security Tracker : DST php-dompdf
https://security-tracker.debian.org/tracker/CVE-2014-2383
- GitHub DOMPDF : DOMPDF 0.6.2
https://github.com/dompdf/dompdf/releases/tag/v0.6.2
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Misc : Local File Inclusion - suspicious php filter base64 encode found in URL
Available Since: 5.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-02-08

Target Type   Server

Possible exploit   Remote