Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.0
CVE Id CVE-2006-1387
Last Modified 07 Mar 2011 09:32:58
Published 26 Mar 2006 05:02:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-1387

Summary

TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.

Vulnerable Systems

Application

  • TWiki 2001-09-01
  • TWiki 2001-12-01
  • TWiki 2003-02-01
  • TWiki 2004-09-01
  • TWiki 2004-09-02
  • TWiki 2004-09-03
  • TWiki 2004-09-04
  • TWiki 4.0
  • TWiki 4.0.1


References

VUPEN - ADV-2006-1116

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude

XF - twiki-include-edit-dos(25445)

BID - 17267

SECUNIA - 19410


Last Updated: 27 May 2016 10:42:02