PT-2006-2396 · Twiki · Twiki

Kenneth Lavrsen · Published 2006-03-26 · Updated 2017-07-20 · CVE-2006-1387

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

TWiki versions 20010901 through 20040904
TWiki version 4.0
TWiki version 4.0.1

Description

The issue allows remote authenticated users with edit rights to cause a denial of service. This is achieved through INCLUDE by URL statements that form a loop, such as a page that includes itself, leading to infinite recursion and consumption of CPU and memory.

Recommendations

For TWiki versions 20010901 through 20040904, consider restricting the use of INCLUDE by URL statements to prevent loops. For TWiki version 4.0, avoid using self-including pages to minimize the risk of exploitation. For TWiki version 4.0.1, restrict access to edit rights to minimize the potential for denial of service attacks.
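
A loop guard for include expansion of the kind the recommendations point to, as an added example (not TWiki's code or its fix). The `expand` and `render` functions, the `fetch` callable, the depth cap of 5 and the `wiki.example` pages are assumptions made for illustration, and all includes are assumed to be resolved inside one process.

```python
import re

# TWiki-style include-by-URL directive, e.g. %INCLUDE{"http://wiki.example/A"}%
INCLUDE_RE = re.compile(r'%INCLUDE\{"(https?://[^"]+)"\}%')
MAX_DEPTH = 5  # assumed cap on nesting, applied in addition to loop detection


class IncludeLoopError(Exception):
    """Raised when an include chain revisits a URL or nests too deeply."""


def expand(url, fetch, _chain=()):
    """Return the text at `url` with its includes expanded.

    `fetch` is a hypothetical callable mapping URL -> page text. `_chain`
    holds the URLs currently being expanded (the active include stack), so
    including the same leaf twice side by side is still allowed.
    """
    if url in _chain:
        raise IncludeLoopError("loop: " + " -> ".join(_chain + (url,)))
    if len(_chain) >= MAX_DEPTH:
        raise IncludeLoopError("depth limit reached at " + url)
    chain = _chain + (url,)
    text = fetch(url)
    return INCLUDE_RE.sub(lambda m: expand(m.group(1), fetch, chain), text)


def render(url, fetch):
    """Expand a page; on a loop, return a warning instead of recursing."""
    try:
        return expand(url, fetch)
    except IncludeLoopError as exc:
        return "[include blocked: %s]" % exc


# Constructed sample pages (not real TWiki topics).
PAGES = {
    "http://wiki.example/Self": 'intro %INCLUDE{"http://wiki.example/Self"}%',
    "http://wiki.example/A": 'A+%INCLUDE{"http://wiki.example/B"}%',
    "http://wiki.example/B": 'B+%INCLUDE{"http://wiki.example/A"}%',
    "http://wiki.example/Ok": 'top %INCLUDE{"http://wiki.example/Leaf"}% %INCLUDE{"http://wiki.example/Leaf"}%',
    "http://wiki.example/Leaf": "leaf",
}

if __name__ == "__main__":
    for name in ("Self", "A", "Ok"):
        print(name, "=>", render("http://wiki.example/" + name, PAGES.__getitem__))
```

When each include is fetched by a separate HTTP request to the same server, the active chain is not visible in process memory and has to be carried along with the request for a check like this to work.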

Fix


Related identifiers

CVE-2006-1387

Affected products

Twiki