Intrusion Prevention

Novell.Forum.Unspecified.Remote.Tcl.Code.Execution

Description

This indicates a possible exploit of a remote command-execution vulnerability in Novell SiteScape Forum software.
A vulnerability has been reported in SiteScape Forum that may allow an attacker to execute TCL commands on a vulnerable system. An attacker may include TCL commands by supplying an injection string through the URL.

Affected Products

Novell Forum (formerly SiteScape Forum) 7.x
Novell Forum (formerly SiteScape Forum) 8.x

Impact

System Compromise: Remote attackers can execute arbitrary TCL commands.

Recommended Actions

Apply the patch, available from the following web site:
http://download.novell.com/Download?buildid=6k-5X-UPnrM~

CVE References

CVE-2007-6515