[Chameleon] Twiki vulnerability

Daniel Morissette dmorissette at dmsolutions.ca
Wed Nov 24 13:34:55 EST 2004


If you are running Twiki on any of your servers then please read this:

We've found that Twiki has a vulnerability and that's how maptools.org 
has been compromised last week (and another bunch of attempts made since 
we brought the server back up). This is a very serious threats and lots 
of sites seem to have been attacked in the last few days so I would 
encourage anyone with Twiki on their server to take it down until they 
install a patch. For more details: 

You could also search your Apache logs for the string "__BEGIN__" to 
find out if your server may have been attacked/compromised already.


P.S. This also explains why the Chameleon Twiki on maptools.org is 
currently unavailable.
  Daniel Morissette               dmorissette at dmsolutions.ca
  DM Solutions Group              http://www.dmsolutions.ca/

More information about the Chameleon mailing list