Binary Moon TimThumb Remote Code Execution Vulnerability

Summary
This host is installed with Binary Moon TimThumb and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary commands. Impact Level: Application
Solution
Upgrade to version 2.8.14 or higher. For updates, refer to http://www.binarymoon.co.uk/projects/timthumb
Insight
The flaw is in the timthumb.php script and relates to the WebShot feature: input passed via the 'src' parameter is not properly sanitized.
Affected
Binary Moon TimThumb version 2.8.13; prior versions may also be affected.
Detection
Send a crafted HTTP GET request and check whether it is able to execute a system command.