Candidate: CVE-2008-3195
PublicDate: 2008-09-18 15:04:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3195
Description:
 Directory traversal vulnerability in bin/configure in TWiki before 4.2.3,
 when a certain step in the installation guide is skipped, allows remote
 attackers to read arbitrary files via a query string containing a .. (dot
 dot) in the image variable, and execute arbitrary files via unspecified
 vectors.
Ubuntu-Description:
Notes:
 jdstrand> per Debian, access to configure script is restricted to localhost on
  Debian
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_twiki:
upstream_twiki: released (4.2.3, 1:4.1.2-5)
dapper_twiki: ignored (reached end-of-life)
feisty_twiki: needed (reached end-of-life)
gutsy_twiki: needed (reached end-of-life)
hardy_twiki: ignored (reached end-of-life)
intrepid_twiki: needed (reached end-of-life)
jaunty_twiki: not-affected (1:4.1.2-5ubuntu1)
karmic_twiki: not-affected
lucid_twiki: DNE
maverick_twiki: DNE
natty_twiki: DNE
oneiric_twiki: DNE
devel_twiki: DNE