• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TWiki Remote Denial Of Service Vulnerability

Solution:

The vendor has suggested the following hotfix; Symantec has not tested the validity of this information. Contact the vendor for more information.

In the file 'twiki/lib/TWiki.pm', find 'sub _includeUrl', add a return at the very beginning as indicated in red below:

# Fetch content from a URL for inclusion by an INCLUDE
sub _includeUrl {
my( $this, $theUrl, $thePattern, $theWeb, $theTopic ) = @_;

# Fix for Codev.SecurityAdvisoryDosAttackWithInclude
return "%RED% Include of URL is disabled %ENDCOLOR%";

my $text = '';
my $host = '';
my $port = 80;
my $path = '';
my $user = '';
my $pass = '';