Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2877

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2877
Last Modified 05 Sep 2008 04:52:54
Published 16 Sep 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2877

Summary

The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.

Vulnerable Systems

Application

  • Twiki 2000-12-01

  • Twiki 2001-12-01

  • Twiki 2003-02-01

  • Twiki 2004-09-01

  • Twiki 2004-09-02


References

CERT-VN - VU#757181

BID - 14834

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev

BUGTRAQ - 20050914 TWiki Remote Command Execution Vulnerability


Last Updated: 27 May 2016 10:40:40