This question about Not sure...: Answered
Is Foswiki 1.0.9 affected by CVE-2014-7236?
Hello,
Does anybody know if Foswiki 1.0.9 is affected by CVE-2014-7236?
We don't plan to upgrade to the latest version, but we need to maintain the current version, so I'm trying to figure out if we need to apply the patch.
Thank you
--
AlinaRimbu - 28 Oct 2014
Yes, as described in Support.SecurityAlert-CVE-2014-7237, every Foswiki release from 1.0.0 on is vulnerable due to this behavior of the Windows file system. It only applies to Foswiki on Windows / Apache server installations.
The described solution - modifying the UploadFilter regex to match files with a trailing period - applies. A patch is not required, but the configuration should be updated.
Note that there are other security issues on Foswiki versions prior to 1.1.9, so an update to the current release is advised.
--
GeorgeClark - 01 Nov 2014
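The configuration change described in the answer, as an added example that is not part of the thread and not Foswiki's own code. Both patterns are simplified ones constructed for illustration (not Foswiki's shipped UploadFilter value), and the upload names are made up; the script shows where a filter anchored on the extension disagrees with the name Windows actually stores.

```perl
use strict;
use warnings;

# Simplified patterns constructed for this example; not Foswiki's shipped default.
my $weak = qr/^(?:\.htaccess|.*\.(?:php|pl|py|cgi))$/i;
# Same block list, but also matching names that carry trailing periods.
my $hardened = qr/^(?:\.htaccess|.*\.(?:php|pl|py|cgi))\.*$/i;

# Name as it ends up on disk on Windows, which drops trailing periods.
sub stored_name {
    my ($name) = @_;
    (my $stored = $name) =~ s/\.+$//;
    return $stored;
}

# 'block' if the filter matches the name, otherwise 'allow'.
sub verdict {
    my ($name, $re) = @_;
    return $name =~ $re ? 'block' : 'allow';
}

# Constructed sample upload names.
my @uploads = (
    'report.pdf', 'notes.txt.', 'script.php',
    'script.php.', 'SCRIPT.PHP..', '.htaccess.',
);

printf "%-14s %-12s %-6s %-9s %s\n",
    'upload', 'stored as', 'weak', 'hardened', 'note';
for my $name (@uploads) {
    my $stored = stored_name($name);
    my $w      = verdict($name, $weak);
    my $h      = verdict($name, $hardened);
    # Gap: the filter allowed the uploaded name, but it would have
    # blocked the name the file system actually stores.
    my $gap = $w eq 'allow' && verdict($stored, $weak) eq 'block';
    printf "%-14s %-12s %-6s %-9s %s\n",
        $name, $stored, $w, $h, $gap ? 'filter gap' : '';
}
```

Names such as `notes.txt.` stay allowed under both patterns, so the trailing-period match only affects names whose stored form is already on the block list.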