HTTP: TWiki Command Injection

This signature detects attempts to exploit a known vulnerability in TWiki, a Web-based collaboration application. Because TWiki does not properly check the rev parameter string for shell metacharacters, attackers can create a string containing quotes and shell commands, enabling them to execute arbitrary code with Web server privileges.

Extended Description

A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell. This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access.

Affected Products

Twiki twiki

Short Name: HTTP:CGI:TWIKI-REV-CMD-INJ
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2005-2877 Command Injection TWiki bid:14834
Release Date: 10/05/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3724
False Positive: Unknown
Vendors

Twiki

CVSS Score

7.5
