Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

TWiki configure Script Arbitrary Command Execution Vulnerability

Vulnerability Assessment Summary
Tries to run a command using TWiki

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server includes a CGI script that permits arbitrary
code execution.

Description :

The version of TWiki installed on the remote host uses an unsafe
'eval' in the 'bin/configure' script that can be exploited by an
unauthenticated attacker to execute arbitrary Perl code subject to the
rights of the web server user id.

See also :

http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure

Solution :

Apply HotFix 2 or later for TWiki 4.0.4 or restrict access to the
TWiki configure script.
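
One way to check that the access restriction is actually in effect is to review the web server access log for requests to the configure script from outside the admin network. This is an added example, not part of the original advisory or of TWiki; the `/twiki/bin/` path, the admin networks and the log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: networks that are allowed to reach configure (constructed values).
ADMIN_NETS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("10.0.5.0/24")]

# Apache common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# The configure script, with an optional suffix or trailing path info.
CONFIGURE_RE = re.compile(r'/bin/configure(\.\w+)?(/|$)', re.IGNORECASE)

def is_admin(client):
    """True if the logged client is an address inside an admin network."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or garbage in the log: treat as untrusted
    return any(addr in net for net in ADMIN_NETS)

def audit(lines):
    """Return (client, method, status, verdict) for non-admin configure hits."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["target"].split("?", 1)[0]  # ignore the query string
        if not CONFIGURE_RE.search(path) or is_admin(m["ip"]):
            continue
        status = int(m["status"])
        # 401/403 means the restriction answered; anything else was served.
        verdict = "blocked" if status in (401, 403) else "served"
        findings.append((m["ip"], m["method"], status, verdict))
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '10.0.5.20 - admin [12/Aug/2006:10:01:02 +0000] "GET /twiki/bin/configure HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Aug/2006:10:05:40 +0000] "POST /twiki/bin/configure HTTP/1.1" 200 812',
    '198.51.100.9 - - [12/Aug/2006:10:06:11 +0000] "GET /twiki/bin/configure HTTP/1.1" 403 299',
    '203.0.113.7 - - [12/Aug/2006:10:07:00 +0000] "GET /twiki/bin/view/Main/WebHome HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any "served" entry means the configure script answered a client outside the admin networks, so the restriction is missing or incomplete and the host should be treated as exposed until the HotFix is applied.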

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID: 19188

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
