Posted to dev@jspwiki.apache.org by "Harry Metske (JIRA)" <ji...@apache.org> on 2014/06/27 16:54:26 UTC
[jira] [Updated] (JSPWIKI-846) Potential Command Execution from Wiki.jsp & rss.jsp
[ https://issues.apache.org/jira/browse/JSPWIKI-846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Harry Metske updated JSPWIKI-846:
---------------------------------
Security: (was: Security Vulnerability Disclosure)
> Potential Command Execution from Wiki.jsp & rss.jsp
> ---------------------------------------------------
>
> Key: JSPWIKI-846
> URL: https://issues.apache.org/jira/browse/JSPWIKI-846
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.10.1
> Reporter: Jeff LoBello
>
> Nessus reported the following potential vulnerability...
> Date: Fri 13 Jun 2014 15:29:51 MET
> Vuln#: 3CN39465 (counted)
> Vulnerability: CGI Generic Command Execution
> ToDo: Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.
> CertRef:
> Tool Reference: http://www.nessus.org/plugins/index.php?view=single&id=39465
> Comment:
> NessusOutput:
> Port: 80/tcp
> Using the GET HTTP method, Nessus found that :
> + The following resources may be vulnerable to arbitrary command execution :
> + The 'page' parameter of the /wiki/Wiki.jsp CGI :
> /wiki/Wiki.jsp?page=echo%20NeS%20%20SuS
> -------- output --------
> <meta name="wikiBaseUrl" content='http://165.226.163.94/wiki/' /> <meta name="wikiPageUrl" content='/wiki/Wiki.jsp?page=%23%24%25' /> <meta name="wikiEditUrl" content='/wiki/Edit.jsp?page=Echo%20NeS%20SuS' />
> <meta name="wikiJsonUrl" content='/wiki/JSON-RPC' /> <meta name="wikiPageName" content='Echo NeS SuS' />
> ------------------------
> + The 'page' parameter of the /wiki/rss.jsp CGI :
> /wiki/rss.jsp?page=echo%20NeS%20%20SuS
> -------- output --------
> Error 404: No such page Echo NeS SuS
> ------------------------
> Clicking directly on these URLs should exhibit the issue :
> (you will probably need to read the HTML source)
> http://165.226.163.94/wiki/Wiki.jsp?page=echo%20NeS%20%20SuS
> http://165.226.163.94/wiki/rss.jsp?page=echo%20NeS%20%20SuS
> I believe this is a false positive. I did not see evidence of arbitrary command injection, but nonetheless, I wanted to pass on the finding for your analysis.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
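Added triage helper (not part of the issue and not JSPWiki's own code) for findings of this shape: it replays the scanner's marker heuristic offline against the response fragments quoted above and separates a page name that is merely reflected back (verb and marker together, normalized as a title) from output that looks like the marker printed on its own, which is what a real `echo` would produce. The page-name clean-up is an assumption that approximates JSPWiki's behaviour (whitespace collapsed, first letter capitalized); it is not taken from the project's source.

```python
# Constructed from the Nessus finding quoted in JSPWIKI-846: the probe sent in the
# 'page' parameter and the two response fragments the scanner flagged.
PROBE = "echo NeS  SuS"  # decoded form of page=echo%20NeS%20%20SuS
RESPONSE_WIKI = (
    "<meta name=\"wikiEditUrl\" content='/wiki/Edit.jsp?page=Echo%20NeS%20SuS' />"
    "<meta name=\"wikiPageName\" content='Echo NeS SuS' />"
)
RESPONSE_RSS = "Error 404: No such page Echo NeS SuS"


def jspwiki_style_page_name(raw):
    """Assumed approximation of JSPWiki's page-name clean-up: collapse runs of
    whitespace and capitalize the first character.  Used only to predict what
    pure reflection of the 'page' parameter would look like in a response."""
    name = " ".join(raw.split())
    return name[:1].upper() + name[1:]


def classify(probe, body):
    """Return 'reflection', 'possible-execution' or 'no-match'.

    The generic scanner heuristic fires when the marker words (everything after
    the command verb, whitespace-normalized) appear anywhere in the body.  A
    shell that actually ran the probe would print the marker WITHOUT the verb,
    whereas a wiki that reflects the requested page name prints verb and marker
    together as a normalized title.  This is a triage hint, not proof either way.
    """
    _verb, _, args = probe.partition(" ")
    marker = " ".join(args.split())
    if not marker or marker not in body:
        return "no-match"
    if jspwiki_style_page_name(probe) in body:
        return "reflection"
    return "possible-execution"


def triage_jspwiki_846():
    """Run the classifier over both responses from the report."""
    return {
        "/wiki/Wiki.jsp": classify(PROBE, RESPONSE_WIKI),
        "/wiki/rss.jsp": classify(PROBE, RESPONSE_RSS),
    }


if __name__ == "__main__":
    for endpoint, verdict in triage_jspwiki_846().items():
        print(f"{endpoint}: {verdict}")
```

For both quoted responses the verdict is "reflection": the marker is present only because the normalized page name "Echo NeS SuS" contains it, which matches the reporter's reading of the finding.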