EGI SVG Advisories

** WHITE information - Unlimited distribution allowed      **
** see https://go.egi.eu/tlp for distribution restrictions **


Title:       HEADS UP - 'High' RISK - Multiple sites report attempts to exploit CVE-2014-7236 affecting Twiki


Date:        2014-10-31

URL:         https://advisories.egi.eu/CSIRT_Alerts/Twiki-2014-10-31


Multiple sites within the EGI and WLCG collaboration running Twiki have
reported attempts to exploit CVE-2014-7236.

This vulnerability allows unauthenticated remote code execution and is
therefore a serious issue.

This vulnerability has been fixed by the TWiki team.

Sites running TWiki should ensure they have updated to a fixed version. For
more information see:

http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236

Although our usual activity is to handle security matters in the Grid and Cloud
infrastructure, we are issuing this 'heads up' as many on these lists also run
Twiki.



From details in the above link:
-------------------------------

It is possible to execute arbitrary Perl code by adding a debugenableplugins
parameter with a specially crafted value.

Example:

http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit

The TWiki site is vulnerable if you see a page with text "Vulnerable!".
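As an added example that is not part of the advisory or of TWiki itself, the following Python script scans web server access logs for requests carrying a debugenableplugins value that is anything other than a plain comma-separated list of plugin names, which is how a site can spot the exploitation attempts reported above. The log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log lines in Apache combined format (not real traffic).
# Line 1 carries the crafted parameter from the TWiki advisory, percent-encoded as a
# client would send it; line 3 carries a legitimate plugin list.
SAMPLE_LOG = """\
203.0.113.5 - - [31/Oct/2014:10:12:01 +0000] "GET /do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint(%22Content-Type:text/html%5cr%5cn%5cr%5cnVulnerable!%22)%3bexit HTTP/1.1" 200 2311
198.51.100.7 - - [31/Oct/2014:10:13:44 +0000] "GET /do/view/Main/WebHome HTTP/1.1" 200 8120
203.0.113.9 - - [31/Oct/2014:10:15:02 +0000] "GET /do/view/Main/WebHome?debugenableplugins=SpreadSheetPlugin,TablePlugin HTTP/1.1" 200 8120
"""

# Extracts the request target from the quoted request field of a log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A benign debugenableplugins value is a comma-separated list of plugin names,
# i.e. only letters, digits, underscores and commas. Anything else (semicolons,
# parentheses, quotes, spaces) indicates injected Perl rather than a plugin list.
PLUGIN_LIST_RE = re.compile(r'^[A-Za-z0-9_,]*$')


def is_suspicious_debugenableplugins(value):
    """Return True if the (already percent-decoded) value is not a plain plugin list."""
    return PLUGIN_LIST_RE.match(value) is None


def scan_log(text):
    """Return (client_ip, decoded_value) for each request with a crafted parameter."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client_ip = line.split()[0]
        query = urlsplit(m.group('target')).query
        # parse_qs percent-decodes once, matching what the CGI layer sees.
        params = parse_qs(query, keep_blank_values=True)
        for value in params.get('debugenableplugins', []):
            if is_suspicious_debugenableplugins(value):
                hits.append((client_ip, value))
    return hits


if __name__ == '__main__':
    for ip, value in scan_log(SAMPLE_LOG):
        print(f'{ip}: suspicious debugenableplugins value {value!r}')
```

Only the first sample line is reported; the legitimate plugin list on the third line passes the check.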




On behalf of the EGI CSIRT and SVG,

Sven Gabriel
Security Officer on Duty