PRIOn knowledge basePRION:CVE-2009-4496

HistoryJan 13, 2010 - 8:30 p.m.

Design/Logic Flaw

2010-01-1320:30:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.6%

JSON

Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window’s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

CPENameOperatorVersion
boaeq0.94.14-rc21

CPE	Name	Operator	Version
	boa	eq	0.94.14-rc21

References

secunia.com/advisories/39775

www.securityfocus.com/archive/1/508830/100/0/threaded

www.securityfocus.com/bid/37718

www.ush.it/team/ush/hack_httpd_escape/adv.txt

www.vupen.com/english/advisories/2010/1133

lists.fedoraproject.org/pipermail/package-announce/2010-May/041271.html

lists.fedoraproject.org/pipermail/package-announce/2010-May/041274.html

lists.fedoraproject.org/pipermail/package-announce/2010-May/041285.html

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.6%

JSON

Related for PRION:CVE-2009-4496