Summary
Yaws is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input written to its log files.
Attackers can exploit this issue to execute arbitrary commands in a terminal.
Yaws 1.85 is vulnerable; other versions may also be affected.
References
Severity
Classification
- CVE: CVE-2009-4495
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- GoAhead Webserver Multiple Stored Cross Site Scripting Vulnerabilities
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
- lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)