Test Kennung:	1.3.6.1.4.1.25623.1.0.802048
Kategorie:	Web application abuses
Titel:	TWiki 'MAKETEXT' variable Remote Command Execution Vulnerability
Zusammenfassung:	The host is running TWiki and is prone to remote command execution; vulnerability.
Beschreibung:	Summary: The host is running TWiki and is prone to remote command execution vulnerability. Vulnerability Insight: flaw is due to improper validation of '%MAKETEXT{}%' Twiki variable (UserInterfaceInternationalisation is enabled) which is used to localize user interface content to a language of choice. Vulnerability Impact: Successful exploitation could allow attackers to execute shell commands by Perl backtick (``) operators. Affected Software/OS: TWiki version 5.1.0 to 5.1.2, 5.0.x, 4.3.x, 4.2.x, 4.1.x, 4.0.x Solution: Upgrade to TWiki-5.1.3 or later or apply patch. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 56950 Common Vulnerability Exposure (CVE) ID: CVE-2012-6329 http://www.securityfocus.com/bid/56950 http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 https://bugzilla.redhat.com/show_bug.cgi?id=884354 http://sourceforge.net/mailarchive/message.php?msg_id=30219695 http://openwall.com/lists/oss-security/2012/12/11/4 http://code.activestate.com/lists/perl5-porters/187763/ http://code.activestate.com/lists/perl5-porters/187746/ RedHat Security Advisories: RHSA-2013:0685 http://rhn.redhat.com/errata/RHSA-2013-0685.html http://www.ubuntu.com/usn/USN-2099-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6330
Copyright	Copyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.