Yaws Terminal Escape Sequence In Logs Command Injection Vulnerability Network Vulnerability

Summary

Yaws is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Yaws 1.85 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/archive/1/508830
http://www.securityfocus.com/bid/37716
http://yaws.hyber.org/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4495
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
IBM WebSphere Application Server Multiple CSRF Vulnerabilities
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability

Yaws Terminal Escape Sequence in Logs Command Injection Vulnerability

Take action and discover your vulnerabilities