[Chameleon] Twiki vulnerability
Daniel Morissette
dmorissette at dmsolutions.ca
Wed Nov 24 13:34:55 EST 2004
Hi,
If you are running Twiki on any of your servers then please read this:
We've found that Twiki has a vulnerability and that's how maptools.org
has been compromised last week (and another bunch of attempts made since
we brought the server back up). This is a very serious threats and lots
of sites seem to have been attacked in the last few days so I would
encourage anyone with Twiki on their server to take it down until they
install a patch. For more details:
http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearchHackReports
You could also search your Apache logs for the string "__BEGIN__" to
find out if your server may have been attacked/compromised already.
Daniel
P.S. This also explains why the Chameleon Twiki on maptools.org is
currently unavailable.
--
------------------------------------------------------------
Daniel Morissette dmorissette at dmsolutions.ca
DM Solutions Group http://www.dmsolutions.ca/
------------------------------------------------------------
More information about the Chameleon
mailing list