Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> TWiki configure Script Arbitrary Command Execution Vulnerability


Vulnerability Assessment Details

TWiki configure Script Arbitrary Command Execution Vulnerability

Vulnerability Assessment Summary
Tries to run a command using TWiki

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server includes a CGI script that permits for arbitrary
code execution.

Description :

The version of TWiki installed on the remote host uses an unsafe
'eval' in the 'bin/configure' script that can be exploited by an
unauthenticated attacker to execute arbitrary Perl code subject to the
rights of the web server user id.

See also :

http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure

Solution :

Apply HotFix 2 or later for TWiki 4.0.4 or restrict access to the
TWiki configure script.

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID: 19188

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security

Cables, Connectors


** Intel i3 10100F CPU Processor - USED  ** picture

** Intel i3 10100F CPU Processor - USED **

$47.99



Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc... picture

Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc...

$533.99



Dell Intel® Xeon® Processor E5-2698 v4 Lightly Used picture

Dell Intel® Xeon® Processor E5-2698 v4 Lightly Used

$64.00



AMD Ryzen 7 7800X3D Processor (5 GHz, 8 Cores, Socket AM5), New /Sealed  picture

AMD Ryzen 7 7800X3D Processor (5 GHz, 8 Cores, Socket AM5), New /Sealed

$309.99



Intel Core i7-12700 CPU Processor 4.9GHz 12-Core FCLGA1700 (SRL4Q) picture

Intel Core i7-12700 CPU Processor 4.9GHz 12-Core FCLGA1700 (SRL4Q)

$175.00



AMD Ryzen 5 7600X - 6-Core 4.7 GHz Socket AM5 105W Desktop CPU Processor picture

AMD Ryzen 5 7600X - 6-Core 4.7 GHz Socket AM5 105W Desktop CPU Processor

$197.98



AMD Ryzen 9 7950x Processor (5.7 GHz, 16 Cores, LGA 1718/Socket AM5)  picture

AMD Ryzen 9 7950x Processor (5.7 GHz, 16 Cores, LGA 1718/Socket AM5)

$340.00



SR1XP Intel Xeon E5-2680 v3 12 Core 30MB 2.5GHz LGA 2011-3 Grade A Processor picture

SR1XP Intel Xeon E5-2680 v3 12 Core 30MB 2.5GHz LGA 2011-3 Grade A Processor

$3.96



Intel Xeon E5-2697 v4 2.3GHz 18-Core Processor CPU LGA2011 SR2JV picture

Intel Xeon E5-2697 v4 2.3GHz 18-Core Processor CPU LGA2011 SR2JV

$49.99



AMD Ryzen 7 5700G Processor (4.6 GHz, 8 Core, 16 thread, Socket AM4) with cooler picture

AMD Ryzen 7 5700G Processor (4.6 GHz, 8 Core, 16 thread, Socket AM4) with cooler

$120.00



Discussions

No Discussions have been posted on this vulnerability.