Title: HTML2WML Scheme File Arbitrary Access Vulnerability
Severity: HIGH
Description:
HTML2WML is a freely available, open source Linux application for converting Hypertext Markup Language to Wireless Meta Language. It is maintained by Sébastien Aperghis-Tramoni.
A problem with the script could make it possible for users to gain access to sensitive files. The problem is in the handling of the WML conversion CGI script.
The CGI script allows users to request various HTML files on the site, and converts them to WML. This is performed by the script each time the visitor places a request.
The script allows access to the scheme file. This could allow a remote user to gain access to sensitive information.
Affected Products:
- Html2Wml Html2Wml 0.4.0
- Html2Wml Html2Wml 0.4.1
- Html2Wml Html2Wml 0.4.2
- Html2Wml Html2Wml 0.4.3
- Html2Wml Html2Wml 0.4.4
- Html2Wml Html2Wml 0.4.5
- Html2Wml Html2Wml 0.4.6
- Html2Wml Html2Wml 0.4.7
- Html2Wml Html2Wml 0.4.8b1
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
