Koha.KohaOpacLanguage.Cookie.Parameter.Directory.Traversal

description-logoDescription

This indicates an attack attempt against a Directory Traversal vulnerability in Koha.
The vulnerability is caused by an error when the vulnerable software handles a http request with malicious KohaOpacLanguage cookie. A remote attacker can exploit this to gain unauthorized access to sensitive information.

affected-products-logoAffected Products

Koha 3.4 before 3.4.7 and 3.6 before 3.6.1

Impact logoImpact

Information Disclosure: Remote attacker can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's web site for suggested workaround.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)