Reported by John Lightsey of nixnuts.net.
Original advisory is at
Point 1: "This vulnerability affects web applications that use CGI::Session's "File" driver for session management on a Windows-based system. Linux-based systems are not affected, other platforms have not been tested." That is, only native TWiki on Windows is affected, which is rare.
Point 2: The CPAN lib path is disabled in a typical TWiki installation, e.g. the system's CGI::Session is used by default.
In other words, this only applies to your TWiki installation if you run TWiki natively on Windows (not in a virtual machine) and you are using the CGI::Session supplied by TWiki (enabled using $CPANBASE in twiki/bin/LocalLib.cfg).
--
TWiki:Main/PeterThoeny - 2013-02-16