
EGI CSIRT:Alerts/Twiki-2014-10-31



** WHITE information - Unlimited distribution allowed                       **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **


Title:       HEADS UP - 'High' RISK - Multiple sites report attempts to exploit CVE-2014-7236 affecting TWiki


Date:        2014-10-31 

URL:         https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/Twiki-2014-10-31  


Multiple sites within the EGI and WLCG collaboration running TWiki have reported attempts to exploit CVE-2014-7236.

This vulnerability allows unauthenticated remote code execution and is therefore a serious issue.

This vulnerability has been fixed by the TWiki team.

Sites running TWiki should ensure they have updated recently. For more information see:

http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236

Although our usual activity is to handle security matters in the Grid and Cloud infrastructure, 
we are issuing this 'heads up' as many on these lists also run Twiki. 



From details in the above link:
-------------------------------

It is possible to execute arbitrary Perl code by adding a debugenableplugins parameter with a specially crafted value. 

Example: 

http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit 

The TWiki site is vulnerable if you see a page with text "Vulnerable!". 
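Because the attempts reported above leave the debugenableplugins parameter in the web server access log, a site can check whether it has been targeted by scanning for that parameter and flagging values that are not a plain plugin list. The following script is an added example for this alert, not code from TWiki or from the twiki.org advisory. It assumes Apache "combined" log format and assumes that a legitimate debugenableplugins value is only a comma-separated list of plugin names (letters, digits, underscores); the sample log lines are constructed for illustration and the third one mirrors the test URL quoted above.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache "combined" format); not real site data.
SAMPLE_LOG = """\
203.0.113.5 - - [31/Oct/2014:10:12:01 +0000] "GET /do/view/Main/WebHome HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [31/Oct/2014:10:12:09 +0000] "GET /do/view/Main/WebHome?debugenableplugins=SpreadSheetPlugin,TablePlugin HTTP/1.1" 200 5201 "-" "Mozilla/5.0"
198.51.100.9 - - [31/Oct/2014:10:13:44 +0000] "GET /do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint(%22Content-Type:text/html%5cr%5cn%5cr%5cnVulnerable!%22)%3bexit HTTP/1.1" 200 77 "-" "curl/7.38.0"
198.51.100.9 - - [31/Oct/2014:10:13:50 +0000] "POST /do/view/Main/WebHome HTTP/1.1" 200 5123 "-" "curl/7.38.0"
"""

# Apache "combined" format: client, ident, user, [timestamp], "METHOD target proto", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption: a legitimate value is a comma-separated list of plugin names,
# i.e. nothing but letters, digits, underscores and commas.
PLUGIN_LIST_RE = re.compile(r'^[A-Za-z0-9_,]*$')

PARAM = 'debugenableplugins'


def query_params(target):
    """Split the query string of a request target into decoded (name, value) pairs.
    Split by hand on '&' only, so an encoded ';' inside a value is never treated
    as a separator (older urllib versions would split on it)."""
    if '?' not in target:
        return []
    query = target.split('?', 1)[1]
    pairs = []
    for part in query.split('&'):
        if not part:
            continue
        name, _, value = part.partition('=')
        pairs.append((unquote(name), unquote(value)))
    return pairs


def classify(target):
    """Return None if the request does not carry debugenableplugins, otherwise
    ('info', value) for a plain plugin list or ('alert', value) when the value
    contains characters outside a plugin-name list (e.g. ';', '(' or quotes)."""
    for name, value in query_params(target):
        if name.lower() == PARAM:
            level = 'info' if PLUGIN_LIST_RE.match(value) else 'alert'
            return level, value
    return None


def scan(log_text):
    """Scan access-log text; return one finding per request carrying the parameter.
    Caveat: only the query string is logged, so a parameter sent in a POST body
    is invisible here and needs a request-body log or a WAF to catch."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        result = classify(m.group('target'))
        if result is None:
            continue
        level, value = result
        findings.append({'ip': m.group('ip'), 'ts': m.group('ts'),
                         'status': m.group('status'), 'level': level, 'value': value})
    return findings


if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print(f"[{f['level'].upper()}] {f['ts']} {f['ip']} status={f['status']} value={f['value']!r}")
```

Run it against a real log with `scan(open('access_log').read())`; an 'info' finding only records that the debug parameter was used, while an 'alert' finding on an unpatched host is the cue to check the response size and status of that request and to treat the host as possibly compromised rather than merely probed.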




On behalf of the EGI CSIRT and SVG,

Sven Gabriel
Security Officer on Duty