View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2011-3744 low priority: Ubuntu including 1 source packages (php-htmlpurifier), 34 status rows across 34 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hardy, hirsute, impish, jammy, kinetic, lucid, lunar, mantic, maverick, natty, noble, oneiric, oracular, plucky, precise, quantal, questing, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 25, needed 7, DNE 2.
HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files.