FKIE_CVE-2009-0918

Vulnerability from fkie_nvd - Published: 2009-03-16 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
References
cve@mitre.orghttp://ptk.dflabs.com/faq.htmlPatch, Vendor Advisory
cve@mitre.orghttp://ptk.dflabs.com/security.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/845747US Government Resource
cve@mitre.orghttp://www.kb.cert.org/vuls/id/RGII-7Q4GBJUS Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/34111
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/49235
af854a3a-2127-422b-91ae-364da2661108http://ptk.dflabs.com/faq.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://ptk.dflabs.com/security.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/845747US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/RGII-7Q4GBJUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34111
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49235
Impacted products
Vendor Product Version
dflabs ptk 1.0.0
dflabs ptk 1.0.1
dflabs ptk 1.0.2
dflabs ptk 1.0.3
dflabs ptk 1.0.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dflabs:ptk:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBFB91D9-2A63-4693-B945-6657CBB3C8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dflabs:ptk:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7788956-AF55-4AE2-AD75-1E862ED0DF34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dflabs:ptk:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F021F40-6D3C-4577-B0F6-1D53A5836CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dflabs:ptk:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C34A4D7-A2DC-4FFC-8F31-A5EB9B297C91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dflabs:ptk:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DD0A3FF-7218-4CE9-9F0E-A68D1B3D7A07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK\u0027s Apache HTTP Server via (1) \"external tools\" or (2) a crafted forensic image."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en DFLabs PTK v1.0.0 hasta v1.0.4 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n en los procesos lanzados por el Apache HTTP Server de PTK mediante (1) \"herramientas externas\" o (2) una imagen forense manipulada."
    }
  ],
  "id": "CVE-2009-0918",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-16T19:30:00.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ptk.dflabs.com/faq.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ptk.dflabs.com/security.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/845747"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34111"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ptk.dflabs.com/faq.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ptk.dflabs.com/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/845747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.