Boa Webserver Terminal Escape Sequence In Logs Command Injection Vulnerability Network Vulnerability

Summary

Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Boa Webserver 0.94.14rc21 is vulnerable other versions may also be affected.

References

http://www.boa.org/
http://www.securityfocus.com/archive/1/508830
http://www.securityfocus.com/bid/37718

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4496

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
Ecava IntegraXor Directory Traversal Vulnerability
Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011

Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability

Take action and discover your vulnerabilities