Summary
This host is installed with Varnish and is prone to Log Escape Sequence Injection Vulnerability.
Impact
Successful exploitation will let the attacker execute arbitrary commands in a terminal.
Impact level: Application
Solution
Upgrade to Varnish version 2.1.2 or later
For updates refer to http://varnish.projects.linpro.no/wiki/WikiStart
Insight
The flaw exists when the Web Server is executed in foreground in a pty or when the logfiles are viewed with tools like 'cat' or 'tail' injected control characters reach the terminal and are executed.
Affected
Varnish version 2.0.6 and prior.
References
Severity
Classification
-
CVE CVE-2009-4488 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities