Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3819

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3819
Last Modified 07 Mar 2011 09:39:32
Published 26 Jul 2006 09:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3819

Summary

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".

Vulnerable Systems

Application

  • Twiki 4.0

  • Twiki 4.0.0

  • Twiki 4.0.1

  • Twiki 4.0.2

  • Twiki 4.0.3

  • Twiki 4.0.4


References

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure

VUPEN - ADV-2006-2995

XF - twiki-configure-command-injection(28049)

BID - 19188

OSVDB - 27556

SECTRACK - 1016603

SECUNIA - 21235


Last Updated: 27 May 2016 10:43:08