ID de Prueba:	1.3.6.1.4.1.25623.1.0.802048
Categoría:	Web application abuses
Título:	TWiki 'MAKETEXT' variable RCE Vulnerability
Resumen:	TWiki is prone to a remote command execution (RCE) vulnerability.
Descripción:	Summary: TWiki is prone to a remote command execution (RCE) vulnerability. Vulnerability Insight: flaw is due to improper validation of '%MAKETEXT{}%' Twiki variable (UserInterfaceInternationalisation is enabled) which is used to localize user interface content to a language of choice. Vulnerability Impact: Successful exploitation could allow attackers to execute shell commands by Perl backtick (``) operators. Affected Software/OS: TWiki version 5.1.0 to 5.1.2, 5.0.x, 4.3.x, 4.2.x, 4.1.x, 4.0.x Solution: Upgrade to TWiki-5.1.3 or later or apply patch. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6329 BugTraq ID: 56950 http://www.securityfocus.com/bid/56950 http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 https://bugzilla.redhat.com/show_bug.cgi?id=884354 http://sourceforge.net/mailarchive/message.php?msg_id=30219695 http://openwall.com/lists/oss-security/2012/12/11/4 http://code.activestate.com/lists/perl5-porters/187763/ http://code.activestate.com/lists/perl5-porters/187746/ RedHat Security Advisories: RHSA-2013:0685 http://rhn.redhat.com/errata/RHSA-2013-0685.html http://www.ubuntu.com/usn/USN-2099-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6330
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.