Nessus Plugin #12281
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
Chora Remote Code Execution Vulnerability
- Family:
- CGI abuses
- Category:
- attack
- Copyright:
- This script is Copyright (C) 2004 George A. Theall
- Summary:
- Checks for remote code execution vulnerability in Chora
- Version:
- $Revision: 1.3 $
- Cve_id:
- -
- Bugtraq_id:
- 10531
- Xrefs:
- GLSA:GLSA 200406-09, OSVDB:7005
- Description:
The remote server is running at least one instance of Chora version
1.2.1 or earlier. Such versions have a flaw in the diff viewer that
enables a remote attacker to run arbitrary code with the permissions of
the web user.
See also : http://security.e-matters.de/advisories/102004.html
Solution : Upgrade to Chora version 1.2.2 or later.
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.