Short Name | HTTP:CGI:TWIKI-VIEW-EXEC |
---|---|
Severity | High |
Recommended | No |
Recommended Action | Drop |
Category | HTTP |
Keywords | TWiki VIEW Command Execution |
Release Date | 2005/11/14 |
Update Number | 1213 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known vulnerability in TWiki's handling of shell metacharacters in URLs. TWiki 20030201 and earlier versions do not properly sanitize URL requests. Malicious users can execute arbitrary shell commands at the same privilege level as the Web server.

TWiki is reported prone to a shell metacharacter remote command execution vulnerability. This issue may allow an attacker to gain unauthorized access to a vulnerable computer by executing arbitrary commands. TWiki 20030201 is reported vulnerable to this issue; however, it is likely that other versions are affected as well.