SID-00289: CVE-2009-1339 Vulnerability Fix for TWiki 4.1.x Sites?
| Status: | Answered | TWiki version: | 4.1.2 | Perl version: | 5.8.5 |
| Category: | CategorySecurity | Server OS: | RHEL 4u7 | Last update: | 16 years ago |
There is a patch, and a hotfix, available for CVE-2009-1339 for TWiki 4.2.x and 4.3.x. But what about TWiki 4.1.x? How can I protect my 4.1.2 site against this vulnerability?
--
JohnDeStefano - 2009-04-29
Discussion and Answer
See Codev.SecurityAlert-CVE-2009-1339. Apply the minimal hotfix for TWiki-4.1.x; we have not tested it on pre-4.2 releases, but it should work since no Perl source code change is needed. Upgrade to TWiki-4.3.1 recommended.
--
PeterThoeny - 2009-04-29
Thanks Peter. But that patch may not work, as some of the form code lines in 4.1 are GETs where in 4.2/4.3 they are originally no action and are being changed to POSTs by the patch. If you're saying that these should be changed from GETs to POSTs in 4.1.x, I can try that, but I am concerned about breaking something ...
Also eager to upgrade to the current version; please see my recent question on that as well.
--
JohnDeStefano - 2009-04-29
All form actions calling the save script need to be changed to "post" method.
--
PeterThoeny - 2009-06-02
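One way to check a 4.1.x install against the advice in this thread, as an added example that is not part of the original discussion or of the TWiki project: the script below lists every form tag that references the save script but does not declare the "post" method. The two action patterns it matches, the `.tmpl`/`.txt` suffixes and the sample markup are assumptions made for illustration.

```python
import os
import re

# An opening <form ...> tag, possibly spanning several lines.
FORM_TAG = re.compile(r"<form\b[^>]*>", re.IGNORECASE | re.DOTALL)
# Assumed ways a form references the save script:
#   %SCRIPTURLPATH{"save"}%/...  or  %SCRIPTURL%/save%SCRIPTSUFFIX%/...
SAVE_REF = re.compile(r'SCRIPTURL(?:PATH)?\{\s*"?save"?\s*\}|/save(?![\w-])',
                      re.IGNORECASE)
METHOD = re.compile(r"\bmethod\s*=\s*[\"']?(\w+)", re.IGNORECASE)

def find_unsafe_save_forms(text):
    """Return [(line, method)] for save forms whose method is not post.

    method is None when the attribute is missing (HTML then defaults to GET).
    """
    findings = []
    for match in FORM_TAG.finditer(text):
        tag = match.group(0)
        if not SAVE_REF.search(tag):
            continue  # form does not call the save script
        found = METHOD.search(tag)
        method = found.group(1).lower() if found else None
        if method != "post":
            line = text.count("\n", 0, match.start()) + 1
            findings.append((line, method))
    return findings

def scan_tree(root, suffixes=(".tmpl", ".txt")):
    """Scan template and topic files under root; return {path: findings}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(suffixes):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as handle:
                    hits = find_unsafe_save_forms(handle.read())
                if hits:
                    report[path] = hits
    return report

# Constructed sample markup, not taken from a TWiki release.
SAMPLE = '''<form name="main" action="%SCRIPTURLPATH{"save"}%/%WEB%/%TOPIC%" method="post">
</form>
<form action="%SCRIPTURLPATH{"save"}%/%WEB%/%TOPIC%" method="get">
</form>
<form name="new"
      action="%SCRIPTURL%/save%SCRIPTSUFFIX%/%WEB%/">
</form>
<form action="%SCRIPTURLPATH{"view"}%/%WEB%/%TOPIC%" method="get">
</form>
'''
```

Running `scan_tree` on the install directory and getting an empty dictionary means no matching form is left on GET; forms built at runtime by plugins or skins are outside what this static scan sees.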