Orion Application Server Terminal Escape Sequence In Logs Command Injection Vulnerability Network Vulnerability

Summary

Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Orion Application Server 2.0.7 is vulnerable other versions may also be affected.

References

http://www.orionserver.com
http://www.securityfocus.com/archive/1/508830
http://www.securityfocus.com/bid/37717

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4493

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability
Kolibri Webserver 'HEAD' Request Processing Buffer Overflow Vulnerability
IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability

Orion Application Server Terminal Escape Sequence in Logs Command Injection Vulnerability

Take action and discover your vulnerabilities