FYI: Patch approaches for a hotfix are available, but no actual patch has been written. http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339#Minimal_Hotfix_for_TWiki_Product
The approaches are:
1) Changing the twiki-apache conf (/etc/twiki/apache.conf), which prevents GET access to sensitive privileged pages.
2) Changing the template files. At a minimum this includes:
* twiki/templates/messages.tmpl
* twiki/templates/oopsmore.tmpl
* twiki/templates/registerconfirm.tmpl