Lucene search
PRIOn knowledge basePRION:CVE-2020-24379HistorySep 09, 2020 - 7:15 p.m.
Design/Logic Flaw
2020-09-0919:15:00
PRIOn knowledge base
www.prio-n.com
8
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 18.04 | |
| debian_linux | eq | 9.0 | |
| debian_linux | eq | 10.0 | |
| yaws | ge | 1.81 | |
| yaws | le | 2.0.7 |
References
github.com/erlyaws/yaws/commits/master
github.com/vulnbe/poc-yaws-dav-xxe
lists.debian.org/debian-lts-announce/2020/09/msg00022.html
packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html
usn.ubuntu.com/4569-1/
vuln.be/post/yaws-xxe-and-shell-injections/
www.debian.org/security/2020/dsa-4773
Related
debiancve
debiancve
CVE-2020-24379
2020-09-09 19:15:21
cvelist
cvelist
CVE-2020-24379
2020-09-09 18:10:23
nvd
nvd
CVE-2020-24379
2020-09-09 19:15:21
osv
osv
CVE-2020-24379
2020-09-09 19:15:21
yaws - security update
2020-09-26 00:00:00
yaws vulnerabilities
2020-10-05 13:32:55
cve
cve
CVE-2020-24379
2020-09-09 19:15:21
ubuntucve
ubuntucve
CVE-2020-24379
2020-09-09 00:00:00
debian
debian
[SECURITY] [DLA 2384-1] yaws security update
2020-09-26 16:00:58
[SECURITY] [DSA 4773-1] yaws security update
2020-10-16 21:55:11
[SECURITY] [DSA 4773-1] yaws security update
2020-10-16 21:55:11
ubuntu
ubuntu
Yaws vulnerabilities
2020-10-05 00:00:00
nessus
nessus
Debian DSA-4773-1 : yaws - security update
2020-10-19 00:00:00
Debian DLA-2384-1 : yaws security update
2020-09-28 00:00:00
Ubuntu 18.04 LTS : Yaws vulnerabilities (USN-4569-1)
2020-10-05 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4569-1)
2020-10-06 00:00:00
Debian: Security Advisory (DSA-4773-1)
2020-10-17 00:00:00
Debian: Security Advisory (DLA-2384-1)
2020-09-27 00:00:00
packetstorm
packetstorm
Yaws 2.0.7 XML Injection / Command Injection
2020-09-08 00:00:00
archlinux
archlinux
[ASA-202009-14] yaws: multiple issues
2020-09-26 00:00:00
checkpoint_advisories
checkpoint_advisories