New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
IDEA! Get Alerted: to get immediate alerts of high priority security issues, please join the low-volume foswiki-announce list - details at MailingLists

txt plain text

Security Alert:

Severity Level

Severity 1 issue: The web server can be compromised

The severity level was assigned by the Foswiki SecurityTaskTeam as documented in SecurityAlertProcess

Vulnerable Software Versions

To be fixed in Foswiki

ALERT! Note before anyone makes this page more sexy with tables and graphics. I have to be able to send this out as a text only email. And it is a pain having to spend half an hour reformating. So please leave this template in a way that I can still copy and paste text to an email client. -- Kenneth

Attack Vectors

describe the attack vector here - typically given in the security report


describe the impact of the exploit


Give more details about the exploit


  • Apply hotfix (see patch below).
  • Apply fix in Apache configuration (see below)
  • Upgrade to the latest patched production FoswikiRelease01x00x05.

Authors and Credits

Hotfix for Foswiki Production Release 1.0.0-1.0.4

Action Plan with Timeline

  • 2009-04-15 - User discloses issue to foswiki security mailing list (names here)
  • 2009-04-16 - Developer verifies issue (name)
  • 2009-04-16 - Security team triage the issue (name)
  • 2009-04-16 - Developer fixes code (names)
  • 2009-04-26 - Security team creates advisory with hotfix (name)
  • 2009-04-25 - Release Manager builds patch release (name)
  • 2009-04-27 - Send alert to foswiki-announce and foswiki-discuss mailing lists (name)
  • 2009-04-29 - Publish advisory in Support web and update all related topics (name)
  • 2009-04-29 - Reference to public advisory on Download page and Known Issues (name)
  • 2009-04-29 - Issue a public security advisory (,, (name)

Topic revision: r7 - 11 Jan 2013, GeorgeClark - This page was cached on 24 Mar 2018 - 11:09.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License