CVE-2005-2877 - The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to

CVE-2005-2877

Summary

The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.

References

Vulnerable Configurations

cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 03:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	14834
bugtraq	20050914 TWiki Remote Command Execution Vulnerability
cert-vn	VU#757181
confirm	http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev

saint via4

bid	14834
description	TWiki revision control shell command injection
id	web_prog_cgi_twikirev
osvdb	19403
title	twiki_rev
type	remote

Last major update

18-10-2016 - 03:31

Published

16-09-2005 - 20:03

Last modified

18-10-2016 - 03:31