Summary
Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input before writing it to log files.
Attackers can exploit this issue to execute arbitrary commands in a terminal.
Orion Application Server 2.0.7 is vulnerable; other versions may also be affected.
Classification
- CVE: CVE-2009-4493
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- CERN HTTPD access control bypass
- Check for dangerous IIS default files
- IBM HTTP Server Multiple Cross Site Scripting Vulnerabilities
- Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability