HTTP: TWiki Search Module Remote Command Execution

This signature detects attempts to exploit a known vulnerability in TWiki, a Web-based collaboration application. Because the TWiki search function does not properly check a search string for shell metacharacters, attackers can create a search string containing quotes and shell commands, enabling them to execute arbitrary code with Web server privileges. When TWiki access is unrestricted, attackers are not required to authenticate before using the search function.

Extended Description

TWiki is reported prone to a shell metacharacter remote command execution vulnerability. This issue may allow an attacker to gain unauthorized access to a vulnerable computer by executing arbitrary commands. TWiki 20030201 is reported vulnerable to this issue; however, it is likely that other versions are affected as well.

Affected Products

Twiki twiki

Short Name
HTTP:CGI:TWIKI-SEARCH-CMD-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2004-1037 Command Execution Module Remote Search TWiki bid:11674
Release Date
02/23/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Conectiva

Twiki

Gentoo

CVSS Score

10.0
