This application requires Javascript for optimal performance.

Twiki.Search.Shell.Metacharacter.Command.Execution

Release Date

Mar 11, 2010

Severity

high

Impact

System compromise

Description

This indicates a possible attack against an arbitrary code execution vulnerability in TWiki which allows remote attackers to inject arbitrary commands via shell metacharacters in a search string.

Affected Products

TWiki TWiki 20040901
TWiki TWiki 20030201
TWiki TWiki 01-Feb-2003
TWiki TWiki 01-Dec-2001
TWiki TWiki 01-Dec-2000
Gentoo Linux
Conectiva Linux 10.0

Recommended Actions

Refer to the following webpage for hotfix and updates:
http://marc.info/?l=bugtraq&m=110037207516456&w=2

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2004-1037

Reference/s

http://www.securityfocus.com/bid/11674 (BugTraq)

Reference: VID-18236