Vulnerability Note VU#845747
PTK contains multiple vulnerabilities
Overview
The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks.
Description
PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0 to 1.0.4 contain multiple vulnerabilities. These vulnerabilities may be triggered remotely or during the inspection of local HTML files that are rendered in web browsers. |
Impact
A remote unauthenticated attacker may be able to execute arbitrary javascript or run commands in the context of the Apache web server. |
Solution
Upgrade Users and administrators are encouraged to update to the most recent version of PTK. |
|
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| DFLabs | Affected | - | 13 Mar 2009 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
Credit
Thanks to Gabriele Zanoni (Secure Network Srl, g.zanoni@securenetwork.it) for reporting this issue, and thanks to DFLabs for providing technical information.
This document was written by Ryan Giobbi.
Other Information
- CVE IDs: Unknown
- Date Public: 13 Mar 2009
- Date First Published: 13 Mar 2009
- Date Last Updated: 13 Mar 2009
- Severity Metric: 0.56
- Document Revision: 51
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.