Posted to dev@jspwiki.apache.org by "Harry Metske (JIRA)" <ji...@apache.org> on 2014/06/27 16:54:26 UTC

[jira] [Updated] (JSPWIKI-846) Potential Command Execution from Wiki.jsp & rss.jsp

     [ https://issues.apache.org/jira/browse/JSPWIKI-846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Harry Metske updated JSPWIKI-846:
---------------------------------

    Security:     (was: Security Vulnerability Disclosure)

> Potential Command Execution from Wiki.jsp & rss.jsp
> ---------------------------------------------------
>
>                 Key: JSPWIKI-846
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-846
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.10.1
>            Reporter: Jeff LoBello
>
> Nessus reported the following potential vulnerability...
> Date: Fri 13 Jun 2014 15:29:51 MET
> Vuln#: 3CN39465 (counted)
> Vulnerability: CGI Generic Command Execution
> ToDo: Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.
> CertRef: 
> Tool Reference: http://www.nessus.org/plugins/index.php?view=single&id=39465
> Comment: 
> NessusOutput:
> Port: 80/tcp
> Using the GET HTTP method, Nessus found that :
> + The following resources may be vulnerable to arbitrary command execution :
> + The 'page' parameter of the /wiki/Wiki.jsp CGI :
> /wiki/Wiki.jsp?page=echo%20NeS%20%20SuS
> -------- output --------
> <meta name="wikiBaseUrl" content='http://165.226.163.94/wiki/' /> <meta name="wikiPageUrl" content='/wiki/Wiki.jsp?page=%23%24%25' /> <meta name="wikiEditUrl" content='/wiki/Edit.jsp?page=Echo%20NeS%20SuS' />
> <meta name="wikiJsonUrl" content='/wiki/JSON-RPC' /> <meta name="wikiPageName" content='Echo NeS SuS' />
> ------------------------
> + The 'page' parameter of the /wiki/rss.jsp CGI :
> /wiki/rss.jsp?page=echo%20NeS%20%20SuS
> -------- output --------
> Error 404: No such page Echo NeS SuS
> ------------------------
> Clicking directly on these URLs should exhibit the issue :
> (you will probably need to read the HTML source)
> http://165.226.163.94/wiki/Wiki.jsp?page=echo%20NeS%20%20SuS
> http://165.226.163.94/wiki/rss.jsp?page=echo%20NeS%20%20SuS
> I believe this is a false positive.  I did not see evidence of arbitrary command injection, but nonetheless, I wanted to pass on the finding for your analysis.



--
This message was sent by Atlassian JIRA
(v6.2#6252)