关键信息提取 Vulnerable Software Version TWiki 4.0.0 and TWiki 4.0.1 Attack Vectors Vulnerable to unauthorized viewing of restricted content through the and scripts due to ignored access control settings. Impact Unauthorized users can access restricted areas and confidential content in TWiki topics. Severity Level Severity 2: TWiki installation is compromised. Mitre Name for this Vulnerability CVE-2006-1386 Details To demonstrate the vulnerability: Set , then edit the URL to replace with . To demonstrate the vulnerability: Access a restricted web by using the script instead of . Example URL: Countermeasures Apply hotfixes. Upgrade to TWiki 4.0.2. Authors and Credits Credit to and for disclosing issues. Credit to for providing the fix and hotfix description. Hotfix for TWiki 4.0.0 and TWiki 4.0.1 Hotfix for script: Modify . Hotfix for script: Modify . Action Plan with Timeline User discloses issue, developer verifies and creates fix, sends alerts, and publishes advisory. Timeline from March 21 to March 25, 2006. External Links CVE entry and advisories from various security platforms. Attachments Hotfix patches for and files.