What is the severity of REDHAT-BUG-835145?

The severity of REDHAT-BUG-835145 is considered medium due to the potential for information disclosure.

How do I fix REDHAT-BUG-835145?

To mitigate REDHAT-BUG-835145, ensure that you properly sanitize the HTTP POST inputs and adjust the PHP error reporting settings.

What software is affected by REDHAT-BUG-835145?

REDHAT-BUG-835145 specifically affects DokuWiki, a simple to use wiki software.

Can REDHAT-BUG-835145 be exploited remotely?

Yes, REDHAT-BUG-835145 can be exploited remotely by an attacker if the server's PHP error level is enabled.

What type of vulnerability is REDHAT-BUG-835145?

REDHAT-BUG-835145 is categorized as a full path disclosure vulnerability.

Vulnerability/
REDHAT-BUG-835145

low

25/6/2012

29/9/2019

REDHAT-BUG-835145

First published: Mon Jun 25 2012(Updated: )

A full path disclosure flaw was found in the way DokuWiki, a standards compliant, simple to use Wiki, performed sanitization of HTTP POST 'prefix' input value prior passing it to underlying PHP substr() routine, when the PHP error level has been enabled on the particular server. A remote attacker could use this flaw to obtain full path location of particular requested DokuWiki page by issuing a specially-crafted HTTP POST request. References: [1] <a href="http://www.openwall.com/lists/oss-security/2012/06/24/2">http://www.openwall.com/lists/oss-security/2012/06/24/2</a> [2] <a href="http://www.openwall.com/lists/oss-security/2012/06/25/2">http://www.openwall.com/lists/oss-security/2012/06/25/2</a>

Affected Software	Affected Version	How to fix
DokuWiki

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-835145?
The severity of REDHAT-BUG-835145 is considered medium due to the potential for information disclosure.
How do I fix REDHAT-BUG-835145?
To mitigate REDHAT-BUG-835145, ensure that you properly sanitize the HTTP POST inputs and adjust the PHP error reporting settings.
What software is affected by REDHAT-BUG-835145?
REDHAT-BUG-835145 specifically affects DokuWiki, a simple to use wiki software.
Can REDHAT-BUG-835145 be exploited remotely?
Yes, REDHAT-BUG-835145 can be exploited remotely by an attacker if the server's PHP error level is enabled.
What type of vulnerability is REDHAT-BUG-835145?
REDHAT-BUG-835145 is categorized as a full path disclosure vulnerability.

collector/redhat-bugzilla
alias/CVE-2012-3354
agent/type
agent/last-modified-date
agent/first-publish-date
agent/references
agent/severity
agent/description
agent/tags
agent/softwarecombine
agent/event
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/dokuwiki
canonical/dokuwiki

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.