Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 16
1 files changed, 9 insertions, 7 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 99bfbdf9c8c4..6a38c3f5b61f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -39,18 +39,20 @@ Note: Please add new entries to the beginning of this file.
<affects>
<package>
<name>twiki</name>
- <range><ge>4.0.0</ge><le>4.0.5</le></range>
- <range><ge>4.1.0</ge><le>4.1.2</le></range>
- <range><ge>4.2.0</ge><le>4.2.2</le></range>
+ <range><lt>4.2.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>Th1nk3r (cnwfhguohrugbo / gmail.com) reports:</p>
+ <p>Th1nk3r reports:</p>
<blockquote cite="http://www.milw0rm.com/exploits/6269">
- <p>TWiki version 4.2.0 (I haven't tested other versions) is
- vulnerable to a File Disclosure. It's only possible to
- exploit the bug if you can access the "/bin/configure" script.</p>
+ <p>The version of TWiki installed on the remote host allows access to
+ the 'configure' script and fails to sanitize the 'image' parameter
+ of that script of directory traversal sequences before returning the
+ file contents when the 'action' parameter is set to 'image'. An
+ unauthenticated attacker can leverage this issue to view arbitrary
+ files on the remote host subject to the privileges of the web server
+ user id. .</p>
</blockquote>
</body>
</description>
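Review bot: the new description paragraph ends with a stray space and a second full stop ("user id. .") on its last line; drop the extra " ." so it ends "...the web server user id." Two further points on the same hunk: the blockquote keeps cite="http://www.milw0rm.com/exploits/6269" while the replaced text no longer reads as the reporter's own words from that page, so either point the cite at the source of the new wording or keep the original quoted text; and the collapsed <range><lt>4.2.3</lt></range> now also marks every release below 4.0.0 as affected, which the three removed ranges did not, so confirm that is intended.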