Lucene search
SAINT CorporationSAINT:3041C77976F2ACCCFB6356B6FC4387A5HistoryApr 06, 2006 - 12:00 a.m.
TWiki revision control shell command injection
2006-04-0600:00:00
SAINT Corporation
www.saintcorporation.com
19
0.968 High
EPSS
Percentile
99.6%
Added: 04/06/2006
CVE: CVE-2005-2877
BID: 14834
OSVDB: 19403
Background
TWiki is a web-based collaboration platform written in PERL.
Problem
The revision control function in TWiki does not sufficiently check the **rev** parameter before using it in a shell command call. This allows remote attackers to execute arbitrary commands using a **rev** parameter containing shell metacharacters.
Resolution
Apply the patch referenced in CIAC Bulletin P-307.
References
<http://archives.neohapsis.com/archives/bugtraq/2005-09/0154.html>
Related
saint
saint
TWiki revision control shell command injection
2006-04-06 00:00:00
TWiki revision control shell command injection
2006-04-06 00:00:00
TWiki revision control shell command injection
2006-04-06 00:00:00
checkpoint_advisories
checkpoint_advisories
TWiki rev Parameter Shell Command Injection (CVE-2005-2877)
2009-10-05 00:00:00
securityvulns
securityvulns
TWiki Remote Command Execution Vulnerability
2005-09-15 00:00:00
cve
cve
CVE-2005-2877
2005-09-16 20:03:00
packetstorm
packetstorm
TWiki History TWikiUsers rev Parameter Command Execution
2010-02-23 00:00:00
nessus
nessus
TWiki 'rev' Parameter Arbitrary Command Execution
2005-09-15 00:00:00
cert
cert
TWiki does not properly sanitize URI parameters
2005-09-20 00:00:00
ubuntucve
ubuntucve
CVE-2005-2877
2005-09-16 00:00:00