Summary
Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles.
Attackers can exploit this issue to execute arbitrary commands in a terminal.
Boa Webserver 0.94.14rc21 is vulnerable
other versions may also
be affected.
References
Severity
Classification
-
CVE CVE-2009-4496 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability
- Check for bdir.htr files
- Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)
- LiteSpeed Web Server Source Code Information Disclosure Vulnerability
- IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability