CVE-2008-3195

Public Exploit

Description

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.

References

Link	Tags
http://secunia.com/advisories/31849	third party advisory
https://www.exploit-db.com/exploits/6269	exploit
http://securityreason.com/securityalert/4265	third party advisory
http://secunia.com/advisories/31964	third party advisory
http://www.kb.cert.org/vuls/id/RGII-7JEQ7L
http://www.vupen.com/english/advisories/2008/2586	vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45183	vdb entry
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195	patch
http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights	patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/45182	vdb entry
http://www.kb.cert.org/vuls/id/362012	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2008-3195?: CVE-2008-3195 has been scored as a medium severity vulnerability.
How to fix CVE-2008-3195?: To fix CVE-2008-3195, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2008-3195 being actively exploited in the wild?: It is possible that CVE-2008-3195 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~52% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions