Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://secunia.com/advisories/33040
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305 http://www.securitytracker.com/alerts/2008/Dec/1021351.html http://www.securitytracker.com/alerts/2008/Dec/1021352.html https://www.it-isac.org/postings/cyber/alertdetail.php?id=4513 http://xforce.iss.net/xforce/xfdb/45293
http://www.vuxml.org/freebsd/f98dea27-d687-11dd-abd1-0050568452ac.html
Insight
The following package is affected: twiki
CVE-2008-5304
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
CVE-2008-5305
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
Severity
Classification
-
CVE CVE-2008-5304, CVE-2008-5305 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities