Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-3195
Last Modified 07 Mar 2011 10:10:21
Published 18 Sep 2008 11:04:27
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3195

Summary

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.

Vulnerable Systems

Application

  • Twiki 4.0

  • Twiki 4.0.0

  • Twiki 4.0.1

  • Twiki 4.0.2

  • Twiki 4.0.3

  • Twiki 4.0.4

  • Twiki 4.0.5

  • Twiki 4.1.0

  • Twiki 4.1.1

  • Twiki 4.1.2

  • Twiki 4.2.0

  • Twiki 4.2.1

  • Twiki 4.2.2


References

CERT-VN - VU#362012

CONFIRM - http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195

XF - twiki-configure-image-command-execution(45183)

XF - twiki-configure-directory-traversal(45182)

VUPEN - ADV-2008-2586

MILW0RM - 6269

CONFIRM - http://www.kb.cert.org/vuls/id/RGII-7JEQ7L

SREASON - 4265

SECUNIA - 31964

SECUNIA - 31849


Last Updated: 27 May 2016 10:48:06