Family: Gain a shell remotely --> Category: attack
TWiki rev Parameter Command Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary: Checks for rev parameter command execution vulnerability in TWiki
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI application that is prone to
arbitrary command execution.
Description :
The installed version of TWiki allows an attacker, by manipulating
input to the 'rev' parameter, to execute arbitrary shell commands on
the remote host, subject to the privileges of the web server user id.
See also :
http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev
Solution :
Apply the appropriate hotfix listed in the vendor advisory above.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)