CVE Details for CVE: CVE-2005-2877
Summary
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
| Timestamps | |
|---|---|
| Last major update | 18-10-2016 - 03:31 |
| Published | 16-09-2005 - 20:03 |
| Last modified | 18-10-2016 - 03:31 |
Vulnerable Configurations
-
cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*
-
cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*
-
cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*
-
cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*
-
cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*
CWE
CVSS
Base
7.5
Impact
6.4
Exploitability
10.0
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | PARTIAL | PARTIAL |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| bid | 14834 |
| bugtraq | 20050914 TWiki Remote Command Execution Vulnerability |
| cert-vn | VU#757181 |
| confirm | http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev |
saint
via4