PT-2012-1276 · Html2Ps · Html2Ps

Vincent Danen · Published 2012-10-10 · Updated 2023-02-13 · CVE-2009-5067

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: html2ps versions prior to 1.0b6

Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. This might be a problem in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service.

Recommendations: For versions prior to 1.0b6, update to version 1.0b6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "include file" SSI directive to minimize the risk of exploitation.
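One way to apply the workaround when html2ps is invoked by a web application is to scan untrusted HTML for include file directives and reject any whose target resolves outside an allowed directory. This is an added example, not html2ps code or part of the advisory; the function names, the base directory and the sample document are constructed, and the directive pattern assumes the conventional SSI comment syntax.

```python
import os
import re

# Conventional SSI form: <!--#include file="path" -->. How html2ps itself
# tokenises the directive is not shown on the page, so this pattern is an
# assumption and is deliberately tolerant of case, spacing and quoting.
SSI_INCLUDE = re.compile(
    r"<!--\s*#include\s+file\s*=\s*([\"']?)(.*?)\1\s*-->",
    re.IGNORECASE | re.DOTALL,
)

def include_targets(html):
    """Return every path named by an include-file directive in the document."""
    return [m.group(2).strip() for m in SSI_INCLUDE.finditer(html)]

def escapes_base(target, base_dir):
    """True if target, resolved relative to base_dir, lands outside base_dir."""
    base = os.path.realpath(base_dir)
    # os.path.join discards base when target is absolute, so absolute
    # targets are resolved as-is and fail the containment check below.
    resolved = os.path.realpath(os.path.join(base, target))
    return os.path.commonpath([base, resolved]) != base

def audit(html, base_dir):
    """Split include targets into (allowed, rejected) lists."""
    allowed, rejected = [], []
    for target in include_targets(html):
        (rejected if escapes_base(target, base_dir) else allowed).append(target)
    return allowed, rejected

# Constructed sample input, not taken from the advisory.
SAMPLE = """<html><body>
<!--#include file="footer.html" -->
<!--#include file="parts/../header.html" -->
<!--#INCLUDE FILE='../../private/notes.txt' -->
<!--#include file="/var/private/notes.txt" -->
</body></html>"""

if __name__ == "__main__":
    ok, bad = audit(SAMPLE, "/srv/html2ps-input")  # hypothetical base directory
    print("allowed:", ok)
    print("rejected:", bad)
```

A document with any rejected target should not be passed to a vulnerable html2ps version; the check resolves the path instead of searching for the string "..", so a harmless `parts/../header.html` is still accepted.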

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2009-5067

Affected Products: Html2Ps