Intrusion Prevention

Koha.KohaOpacLanguage.Cookie.Parameter.Directory.Traversal

Description

This indicates an attack attempt against a Directory Traversal vulnerability in Koha.
The vulnerability is caused by an error when the vulnerable software handles a http request with malicious KohaOpacLanguage cookie. A remote attacker can exploit this to gain unauthorized access to sensitive information.

Affected Products

Koha 3.4 before 3.4.7 and 3.6 before 3.6.1

Impact

Information Disclosure: Remote attacker can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workaround.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629

CVE References

CVE-2011-4715