CVE-2014-7237

Sažetak

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.

Reference

http://seclists.org/fulldisclosure/2014/Oct/45
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
http://www.securitytracker.com/id/1030982
https://exchange.xforce.ibmcloud.com/vulnerabilities/96952

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-09-2017 - 01:29

Objavljeno

16-10-2014 - 00:55