Vulnerabilities > CVE-2006-1387 - Remote Denial Of Service vulnerability in TWiki

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

twiki

NVD

Published: 2006-03-26

Updated: 2017-07-20

Summary

TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.

Vulnerable Configurations

Part	Description	Count
Application	Twiki Twiki Twiki 4.0 Twiki Twiki 4.0.1 Twiki Twiki 2001-09-01 Twiki Twiki 2001-12-01 Twiki Twiki 2003-02-01 Twiki Twiki 2004-09-01 Twiki Twiki 2004-09-02 Twiki Twiki 2004-09-03 Twiki Twiki 2004-09-04	9

References

http://secunia.com/advisories/19410
http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude
http://www.securityfocus.com/bid/17267
http://www.vupen.com/english/advisories/2006/1116
https://exchange.xforce.ibmcloud.com/vulnerabilities/25445