EGI CSIRT:Alerts/Twiki-2014-10-31
** WHITE information - Unlimited distribution allowed **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

Title: HEADS UP - 'High' RISK - Multiple sites report attempts to exploit CVE-2014-7236 affecting Twiki
Date: 2014-10-31
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/Twiki-2014-10-31

Multiple sites within the EGI and WLCG collaboration running TWiki have reported attempts to exploit CVE-2014-7236. This vulnerability allows unauthenticated remote code execution and is therefore a serious issue.

The vulnerability has been fixed by the TWiki team. Sites running TWiki may wish to ensure they have updated recently; for more information see http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236

Although our usual activity is to handle security matters in the Grid and Cloud infrastructure, we are issuing this 'heads up' because many on these lists also run TWiki.

From details in the above link:
-------------------------------
It is possible to execute arbitrary Perl code by adding a debugenableplugins parameter with a specially crafted value. Example:

http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit

The TWiki site is vulnerable if you see a page with text "Vulnerable!".

On behalf of the EGI CSIRT and SVG,
Sven Gabriel
Security Officer on Duty
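Since the alert is based on sites seeing exploitation attempts, a site admin will want to check the web server access logs for requests carrying the debugenableplugins parameter. The following is an added detection example, not code from EGI CSIRT or TWiki; it assumes common log format lines and that a legitimate value of the parameter is only a comma-separated list of plugin names, and it flags any decoded value containing other characters (such as the ';' from the probe quoted above), undoing percent-encoding repeatedly so double-encoded values are not missed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines in common log format (not real site data).
# The second request carries the probe string quoted in the advisory above.
SAMPLE_LOG = """\
203.0.113.5 - - [31/Oct/2014:10:01:02 +0000] "GET /do/view/Main/WebHome HTTP/1.1" 200 5123
203.0.113.5 - - [31/Oct/2014:10:01:09 +0000] "GET /do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint(%22Content-Type:text/html%5cr%5cn%5cr%5cnVulnerable!%22)%3bexit HTTP/1.1" 200 412
198.51.100.7 - - [31/Oct/2014:10:02:00 +0000] "GET /do/view/Main/WebHome?debugenableplugins=SpreadSheetPlugin,CommentPlugin HTTP/1.1" 200 5200
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)')
# Assumption: a legitimate value is only a comma-separated list of plugin names.
PLUGIN_LIST_RE = re.compile(r'^[A-Za-z0-9_]+(,[A-Za-z0-9_]+)*$')

def fully_decode(value, rounds=3):
    """Undo percent-encoding repeatedly so double-encoded values are not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def debugenableplugins_values(target):
    """Return every decoded debugenableplugins value found in the request target."""
    values = []
    for pair in urlsplit(target).query.split('&'):
        name, _, value = pair.partition('=')
        if fully_decode(name) == 'debugenableplugins':
            values.append(fully_decode(value))
    return values

def classify(target):
    """None: parameter absent; 'benign': plain plugin list; 'suspicious': anything else."""
    values = debugenableplugins_values(target)
    if not values:
        return None
    return 'benign' if all(PLUGIN_LIST_RE.match(v) for v in values) else 'suspicious'

def scan_log(text):
    """Report (ip, timestamp, verdict, decoded value) for every request using the parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and classify(m['target']) is not None:
            hits.append((m['ip'], m['ts'], classify(m['target']), debugenableplugins_values(m['target'])[0]))
    return hits

if __name__ == '__main__':
    for ip, ts, verdict, value in scan_log(SAMPLE_LOG):
        print(f'{verdict:10s} {ip:15s} {ts}  {value}')
```

Every use of the parameter is reported, not only the suspicious ones, because it is a debug setting that ordinary readers have no reason to send.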