Signature Detail

HTTP: TWiki Search Module Remote Command Execution

This signature detects attempts to exploit a known vulnerability in the TWiki, a Web-based collaboration application. Because the TWiki search function does not properly check a search string for shell metacharacters, attackers can create a search string containing quotes and shell commands, enabling them to execute arbitrary code with Web server privileges. When TWiki access is unrestricted, attackers are not required to authenticate before using the search function.

Extended Description

TWiki is reported prone to a shell metacharacter remote command execution vulnerability. This issue may allow an attacker gain unauthorized access to a vulnerable computer by executing arbitrary commands. TWiki 20030201 is reported vulnerable to this issue, however, it is likely that other versions are affected as well.

Affected Products

• Conectiva Linux 10.0.0
• Gentoo Linux
• TWiki 01-Dec-2000
• TWiki 01-Dec-2001
• TWiki 01-Feb-2003
• TWiki 20030201
• TWiki 20040901

References

• BugTraq: 11674
• CVE: CVE-2004-1037
• URL: http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch
• URL: http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html