Executive Summary
Summary | |
---|---|
Title | TWiki command execution vulnerability |
Informations | |||
---|---|---|---|
Name | VU#362012 | First vendor Publication | 2008-09-12 |
Vendor | VU-CERT | Last vendor Modification | 2008-09-17 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#362012TWiki command execution vulnerabilityOverviewThe TWiki wiki software fails to validate input passed to certain URLs. By accessing a URL containing the TWiki configuration script, an attacker may be able to read arbitrary files.I. DescriptionTWiki is a wiki that is runs in the context of the Apache web server. TWiki is installed by configuring Apache, then accessing a configuration script from a web browser. Before executing the configuration script, the TWiki installation instructions provide a generator for Apache configuration directives that is designed to prevent unauthorized access to the script.There is a command execution vulnerability in TWiki versions prior to 4.2.3. According to the TWiki download page, this issue can only be exploited if the configure script was not secured as described in step number 8 in the installation guide.
This workaround is unlikely to be effective in many cases, such as when the server uses the https protocol. This firewall rule should be tested before using on a production system. Systems Affected
References
Thanks to the TWiki team for information that was used in this report. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/362012 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20275 | |||
Oval ID: | oval:org.mitre.oval:def:20275 | ||
Title: | DSA-1639-1 twiki - command execution | ||
Description: | It was discovered that twiki, a web based collaboration platform, didn't properly sanitise the image parameter in its configuration script. This could allow remote users to execute arbitrary commands upon the system, or read any files which were readable by the webserver user. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1639-1 CVE-2008-3195 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | twiki |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7915 | |||
Oval ID: | oval:org.mitre.oval:def:7915 | ||
Title: | DSA-1639 twiki -- command execution | ||
Description: | It was discovered that twiki, a web based collaboration platform, didn't properly sanitise the image parameter in its configuration script. This could allow remote users to execute arbitrary commands upon the system, or read any files which were readable by the webserver user. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1639 CVE-2008-3195 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | twiki |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2008-09-21 | TWiki <= 4.2.2 (action) Remote Code Execution Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Debian Security Advisory DSA 1639-1 (twiki) File : nvt/deb_1639_1.nasl |
2008-09-17 | Name : FreeBSD Ports: twiki File : nvt/freebsd_twiki1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
48221 | TWiki bin/configure image Parameter Traversal Arbitrary File Access/Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-09-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1639.nasl - Type : ACT_GATHER_INFO |
2008-09-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_9227dcaf827f11dd9cd70050568452ac.nasl - Type : ACT_GATHER_INFO |
2008-08-23 | Name : The remote web server hosts a CGI script that is affected by multiple vulnera... File : twiki_image_dir_traversal.nasl - Type : ACT_ATTACK |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:46 |
|