Two vulnerabilities have been identified in TWiki, which could be exploited by attackers to gain knowledge of sensitive information or compromise a vulnerable web server.

The first issue is caused by an input validation error when processing the "SEARCH" parameter via an "eval()" call, which could allow remote attackers to inject and execute arbitrary commands.

The second vulnerability is caused by an input validation error when processing the "URLPARAM" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.

Affected Products

TWiki versions prior to 4.2.4

Solution

Upgrade to TWiki version 4.2.4 :
http://twiki.org/cgi-bin/view/Codev/DownloadTWiki

References

http://www.vupen.com/english/advisories/2008/3381
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305

Credits

Vulnerabilities reported by Peter Allor (IBM Internet Security Systems), Marc Schoenefeld, and Steve Milner (Red Hat Security Response Team).

Changelog

2008-12-09 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.