Detections
Analytics
TWiki bin/configure 'image' Parameter Traversal Arbitrary File Access/Execution
high Nessus Plugin ID 34031
Language:
Synopsis
The remote web server hosts a CGI script that is affected by multiple vulnerabilities.Description
The version of TWiki running on the remote host allows access to the 'configure' script, and fails to sanitize the 'image' parameter of that script. When the 'action' parameter is set to 'image', an unauthenticated attacker can exploit this issue to execute arbitrary code or to view arbitrary files on the remote host subject to the privileges of the web server user id.Note that the TWiki Installation Guide says the 'configure' script should never be left open to the public.
Solution
Configure the web server to limit access to 'configure', either based on IP address or a specific user, according to the TWiki Installation Guide referenced above. Upgrades and hotfixes are also available from the vendor advisory listed above.See Also
http://twiki.org/cgi-bin/view/TWiki/TWikiInstallationGuide
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195
Plugin Details
Severity: High
ID: 34031
File Name: twiki_image_dir_traversal.nasl
Version: 1.21
Type: remote
Family: CGI abuses
Published: 8/23/2008
Updated: 6/5/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:twiki:twiki
Required KB Items: installed_sw/TWiki
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/12/2008
Vulnerability Publication Date: 9/20/2008
Reference Information
CVE: CVE-2008-3195
CWE: 22