Lucene search

[email protected]CVE-2004-1037

HistoryMar 01, 2005 - 5:00 a.m.

CVE-2004-1037

2005-03-0105:00:00

[email protected]

web.nvd.nist.gov

security

twiki

cve-2004-1037

remote attackers

arbitrary commands

shell metacharacters

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.914 High

EPSS

Percentile

98.9%

JSON

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

Affected configurations

NVD

Node

twikitwikiMatch2003-02-01

Node

gentoolinux

CPENameOperatorVersion
twiki:twikitwikieq2003-02-01

CPE	Name	Operator	Version
twiki:twiki	twiki	eq	2003-02-01

References

archives.neohapsis.com/archives/bugtraq/2004-11/0201.html

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000918

marc.info/?l=bugtraq&m=110037207516456&w=2

security.gentoo.org/glsa/glsa-200411-33.xml

twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch

www.ciac.org/ciac/bulletins/p-039.shtml

www.securityfocus.com/bid/11674

exchange.xforce.ibmcloud.com/vulnerabilities/18062

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.914 High

EPSS

Percentile

98.9%

JSON

Related for CVE-2004-1037

freebsd1 gentoo1 saint4 securityvulns1 openvas4 ubuntucve1 nvd1 nessus3 packetstorm1 cvelist1