Summary
This host is installed with Binary Moon
TimThumb and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will allow remote
attackers to execute arbitrary shell commands on the server with the privileges of the PHP/web server process.
Impact Level: Application
Solution
Upgrade to version 2.8.14 or later. As an interim mitigation, keep the WebShot
feature disabled (WEBSHOT_ENABLED set to false, which is the default).
For updates refer to http://www.binarymoon.co.uk/projects/timthumb
Insight
The flaw is in the WebShot feature of the timthumb.php script. The URL supplied
via the 'src' parameter is embedded in a shell command line (used to invoke the screenshot tool) without being properly sanitized: the script only filters the URL against a whitelist of valid URL characters, and because '$', '(' and ')' are valid URL characters, a shell command substitution such as $(...) survives the filter and is executed by the shell. WebShot is disabled by default (WEBSHOT_ENABLED), so only installations that have enabled it are exploitable.
Affected
Binary Moon TimThumb version 2.8.13 with the WebShot feature enabled;
prior versions may also be affected.
Detection
Send a crafted request via HTTP GET (the webshot parameter set, with a 'src' URL
carrying a shell command substitution) and check whether it is able to execute a system command.
References
- http://packetstormsecurity.com/files/127192
- http://seclists.org/fulldisclosure/2014/Jul/4
- http://seclists.org/fulldisclosure/2014/Jun/117
- http://seclists.org/oss-sec/2014/q2/689
- http://www.exploit-db.com/exploits/33851
- http://www.osvdb.org/108398
- https://code.google.com/p/timthumb/issues/detail?id=485
- https://code.google.com/p/timthumb/source/detail?r=219
Updated on 2015-03-25
Severity
CVSS Base Score: 6.8 (Medium)
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Classification
CVE: CVE-2014-4663