Novell Forum TCL Command Injection Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 1 Sep 2008 4770 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been reported in Novell Forum, which can be exploited by malicious people to to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error when handling certain requests, which can be exploited to inject and execute TCL commands by modifying the URL.

The vulnerability is reported in versions 7.0, 7.1, 7.2, 7.3, and 8.0. Other versions may also be affected.

Impact

  • Remote Code Execution

System / Technologies affected

  • Novell Forum (formerly SiteScape Forum) 7.x
  • Novell Forum (formerly SiteScape Forum) 8.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply patch:
http://download.novell.com/Download?buildid=6k-5X-UPnrM~

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

AWStats Totals Code Execution and Cross Ste Scripting Vulnerabilities

28 Aug 2008 4916 Views

Next

Novell eDirectory Multiple Vulnerabilities

2 Sep 2008 4808 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY