Overview
A lack of input validation in the TWiki revision control function may allow a remote, unauthenticated attacker to execute arbitrary commands.
Description
TWiki is a web-based collaborative publishing environment. TWiki does not sanitize user-controlled URI parameters supplied to the revision control function for malicious content. Specifically, the rev parameter is not filtered for shell metacharacters before being used to construct a shell command. By sending a specially crafted URI to a system running TWiki, an remote, unauthenticated attacker may be able to execute arbitrary commands on that system. Note that exploits are publicly available for this vulnerability. More detailed information is available in the TWiki Security Alert. |
Impact
By sending a specially crafted URI to TWiki, a remote, unauthenticated attacker may be able to execute arbitrary commands with the privileges of the CGI process, typically nobody. |
Solution
Apply hotfix |
Restrict access
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by Sap. TWiki credits PeterThoeny, Crawford Currie, Sven Dowideit, Colas Nahaboo, Will Norris, Richard Donkin, B4dP4nd4 and Florian Weimer for providing information regarding this issue.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2005-2877 |
| Severity Metric: | 12.57 |
| Date Public: | 2005-09-14 |
| Date First Published: | 2005-09-20 |
| Date Last Updated: | 2005-10-04 19:45 UTC |
| Document Revision: | 46 |