CVE-2006-1386 Information

Description

The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings which allows remote attackers to read restricted areas and access restricted content in TWiki topics.

Reference

http://secunia.com/advisories/19410 http://securitytracker.com/id?1015843 http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess http://www.securityfocus.com/bid/17268 http://www.vupen.com/english/advisories/2006/1116 https://exchange.xforce.ibmcloud.com/vulnerabilities/25444