TWiki 'filename' Parameter Traversal Arbitrary File Access

Severity: Medium | Nessus Plugin ID 22362

Synopsis

The remote web server hosts a Perl script that is vulnerable to a directory traversal attack.

Description

The version of TWiki running on the remote host fails to sanitize directory traversal sequences in the 'filename' parameter handled by the viewfile() function in 'lib/TWiki/UI/View.pm'. An unauthenticated attacker can exploit this issue to view arbitrary files on the remote host, subject to the privileges of the web server user id.

Solution

Apply Hotfix 3 for TWiki-4.0.4.

See Also

http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294

Plugin Details

Severity: Medium

ID: 22362

File Name: twiki_filename_dir_traversal.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 9/15/2006

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:twiki:twiki

Required KB Items: installed_sw/TWiki

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 9/7/2006

Vulnerability Publication Date: 9/7/2006

Reference Information

CVE: CVE-2006-4294

BID: 19907