TWiki remote code execution vulnerability

Effective Date: 10/27/2014
Product: TWiki.org versions 4.0.0-5, 4.1.0-2, 4.2.0-4, 4.3.0-2, 5.0.0-2, 5.1.0-4, 6.0.0
Platform: All Platforms

There is a vulnerability in TWiki that allows remote code execution via a crafted URL that uses the debugenableplugins parameter. An attacker does not need to be authenticated for an exploit to work.

If you run a TWiki (from TWiki.org) webserver, you must:

1) Decide if this installation is necessary or not (please remove it if it is not used)
2) Ensure the installation is at the latest release and patch levels NOW
3) Ensure the installation is CONSISTENTLY at the latest release and patch levels going forward. If this is not possible, please see 1).

Reference URL: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
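To check whether a server has already received requests carrying the debugenableplugins parameter, the web server access log can be searched for it. The following is an added example, not code from this advisory or from TWiki.org; it assumes Apache common/combined log format, and the sample log lines, addresses and the value ExamplePlugin are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

PARAM = "debugenableplugins"  # parameter named in the advisory

# Assumed input: Apache common/combined log format lines.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def find_debugenableplugins(lines):
    """Return (line_no, client_ip, status, decoded_value) for each request
    whose query string carries the debugenableplugins parameter."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        query = urlsplit(m["target"]).query
        # CGI-style query strings may separate pairs with ';' as well as '&'.
        for pair in re.split(r"[&;]", query):
            name, _, value = pair.partition("=")
            # Decode before comparing so a percent-encoded name is still seen.
            if unquote_plus(name).lower() == PARAM:
                hits.append((lineno, m["ip"], int(m["status"]), unquote_plus(value)))
                break
    return hits

# Constructed sample lines (documentation IP ranges, harmless values).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Oct/2014:10:00:01 -0500] "GET /cgi-bin/view/Main/WebHome HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Oct/2014:10:00:05 -0500] "GET /cgi-bin/view/Main/WebHome?debugenableplugins=ExamplePlugin HTTP/1.1" 200 5344',
    '198.51.100.7 - - [27/Oct/2014:10:00:09 -0500] "GET /cgi-bin/view/Main/WebHome?skin=plain;%64ebugenableplugins=ExamplePlugin HTTP/1.1" 200 5344',
    # Parameter name appears only in the topic path, not as a parameter: no hit.
    '203.0.113.4 - - [27/Oct/2014:10:01:00 -0500] "GET /cgi-bin/view/Main/DebugEnablePluginsNotes HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_debugenableplugins(SAMPLE_LOG):
        print("line %d: %s status=%d value=%r" % hit)
```

Access logs normally record only the request line, so a parameter sent in a POST body will not appear here. A clean result therefore does not replace upgrading or removing the installation.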

For assistance contact servicedesk@fnal.gov.

Information compiled and maintained by Computer Security Team; last modified on Oct 5, 2012. (Address comments about page to the Computer Security Team.)