Family: Gain a shell remotely --> Category: infos
TWiki INCLUDE Function Command Execution Vulnerability Scan
Vulnerability Scan Summary: Checks for INCLUDE function command execution vulnerability in TWiki
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server includes a CGI script that allows for arbitrary
shell command execution.
Description :
According to its banner, the installed version of TWiki allows an
attacker, by manipulating input to the 'rev' parameter, to execute
arbitrary shell commands on the remote host subject to the rights
of the web server user id.
See also :
http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude
Solution :
Apply the appropriate hotfix listed in the vendor advisory.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)