TWiki Restricted Content Access and Remote Denial of Service Vulnerabilities

 

Release Date: 27/03/2006
Severity: Moderately Critical
SecWatch Advisory: SWID1013499
Cause: Not specified
Solution Status: Vendor Patch
Impact: Denial of service, Security bypass
Exploit Status: PoC Available
Access Vector: From remote
 
Affected Software: TWiki
 

 

Description:

Two vulnerabilities in TWiki have been reported, which can be exploited by remote users to trigger denial of service conditions and bypass certain security restrictions.

1) It is possible to view restricted content via the rdiff and preview scripts.

The vulnerability has been reported in releases TWikiRelease04x00x01 and TWikiRelease04x00x00.

2) An error in the handling of circular references for the "%INCLUDE" statement can be exploited to cause an infinite recursion and consume a large amount of memory resources on a vulnerable system by supplying a URL which references itself.

The vulnerability has been reported in the following releases:
* TWikiRelease04x00x01
* TWikiRelease04x00x00
* TWikiRelease04Sep2004
* TWikiRelease03Sep2004
* TWikiRelease02Sep2004
* TWikiRelease01Sep2004
* TWikiRelease01Feb2003
* TWikiRelease01Dec2001
* TWikiRelease01Sep2001
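
The circular-reference condition in item 2, shown as an added example that is not TWiki's code or the vendor patch: a simplified include expander that tracks the chain of topics currently being expanded, refuses to re-enter one, and also enforces a depth cap. The in-memory topic store, `expand`, `MAX_DEPTH` and the directive regex are assumptions made for illustration, and the model uses topic names where the advisory describes a self-referencing URL.

```python
import re

# Simplified model of an include directive: %INCLUDE{"Web.Topic"}%
INCLUDE_RE = re.compile(r'%INCLUDE\{"([^"]+)"\}%')
MAX_DEPTH = 16  # assumed hard cap, applied independently of the cycle check


def expand(name, topics, _active=(), _depth=0):
    """Expand include directives in topic `name`, refusing circular references.

    `topics` maps topic name -> raw text (a stand-in for the topic store).
    `_active` is the chain of topics currently being expanded.
    """
    if name in _active:
        chain = " -> ".join(_active + (name,))
        return f"[include refused: circular reference {chain}]"
    if _depth >= MAX_DEPTH:
        return f"[include refused: depth limit {MAX_DEPTH} reached at {name}]"
    if name not in topics:
        return f"[include refused: no such topic {name}]"

    def substitute(match):
        # Recurse with this topic added to the active chain.
        return expand(match.group(1), topics, _active + (name,), _depth + 1)

    return INCLUDE_RE.sub(substitute, topics[name])


# Constructed sample topics (not taken from any real TWiki installation)
SAMPLE = {
    "Main.Header": "== header ==",
    "Main.WebHome": 'Welcome. %INCLUDE{"Main.Header"}% %INCLUDE{"Main.Header"}%',
    "Main.Loop": 'again: %INCLUDE{"Main.Loop"}%',
    "Main.A": 'A[%INCLUDE{"Main.B"}%]',
    "Main.B": 'B[%INCLUDE{"Main.A"}%]',
}

if __name__ == "__main__":
    for topic in ("Main.WebHome", "Main.Loop", "Main.A"):
        print(topic, "=>", expand(topic, SAMPLE))
```

Including the same topic twice from one page is still allowed; only re-entering a topic that is already on the active chain is refused, so legitimate shared includes keep working.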

 

Proof of Concept:

Information Disclosure:
http://[target]/bin/preview/[restrictedcontent]/WebHome?action=foo

 

Solution:

Apply patches; see the original vendor advisories for more information.

The vulnerabilities will be fixed in the upcoming 4.0.2 version.

 

Credits:

The vendor credits:
1) Sergej Zagursky and Steffen Poulsen
2) Kenneth Lavrsen

 
