Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Yaws Security Vulnerabilities

cve
cve

CVE-2020-24916

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command...

9.8CVSS

9.4AI Score

0.614EPSS

2020-09-09 07:15 PM
79
cve
cve

CVE-2020-24379

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE...

9.8CVSS

9.3AI Score

0.022EPSS

2020-09-09 07:15 PM
53
cve
cve

CVE-2020-12872

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than...

5.5CVSS

5.8AI Score

0.001EPSS

2020-05-15 07:15 PM
136
cve
cve

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1CVSS

6.2AI Score

0.011EPSS

2019-12-10 03:15 PM
25
cve
cve

CVE-2011-4350

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL...

6.5CVSS

6.2AI Score

0.174EPSS

2019-11-26 05:15 AM
69
cve
cve

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this....

7.5CVSS

7.5AI Score

0.962EPSS

2017-07-07 11:29 AM
42
cve
cve

CVE-2011-5025

Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text....

5.8AI Score

0.002EPSS

2011-12-29 11:55 AM
19
cve
cve

CVE-2010-4181

Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other...

6.5AI Score

0.035EPSS

2010-11-04 07:00 PM
31
cve
cve

CVE-2009-4495

Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal...

7.7AI Score

0.002EPSS

2010-01-13 08:30 PM
29
cve
cve

CVE-2009-0751

Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of...

6.4AI Score

0.196EPSS

2009-03-02 10:30 PM
37