Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an entry page.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jspwiki | Jspwiki | 2.4.104 (including) | 2.4.104 (including) |
| Jspwiki | Jspwiki | 2.5.139 (including) | 2.5.139 (including) |
| Jspwiki | Jspwiki | 2.5.139_beta (including) | 2.5.139_beta (including) |
| Jspwiki | Ubuntu | dapper | * |
| Jspwiki | Ubuntu | edgy | * |
| Jspwiki | Ubuntu | feisty | * |
| Jspwiki | Ubuntu | gutsy | * |
| Jspwiki | Ubuntu | hardy | * |
| Jspwiki | Ubuntu | intrepid | * |
| Jspwiki | Ubuntu | upstream | * |
References
- http://marc.info/?l=bugtraq\u0026m=120300554011544\u0026w=2
- http://secunia.com/advisories/28969
- http://www.bugsec.com/articles.php?Security=48\u0026Web-Application-Firewall=0
- http://www.securityfocus.com/bid/27785
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40511
- https://www.exploit-db.com/exploits/5112
- http://marc.info/?l=bugtraq\u0026m=120300554011544\u0026w=2
- http://secunia.com/advisories/28969
- http://www.bugsec.com/articles.php?Security=48\u0026Web-Application-Firewall=0
- http://www.securityfocus.com/bid/27785
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40511
- https://www.exploit-db.com/exploits/5112